chef 16.18.0-universal-mingw32 → 17.0.242-universal-mingw32
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Gemfile +9 -13
- data/README.md +1 -1
- data/Rakefile +2 -2
- data/chef-universal-mingw32.gemspec +1 -1
- data/chef.gemspec +6 -8
- data/lib/chef/action_collection.rb +1 -1
- data/lib/chef/application/base.rb +1 -1
- data/lib/chef/application.rb +1 -1
- data/lib/chef/applications.rb +0 -1
- data/lib/chef/chef_fs/command_line.rb +5 -2
- data/lib/chef/chef_fs/file_system.rb +9 -10
- data/lib/chef/client.rb +5 -5
- data/lib/chef/compliance/default_attributes.rb +4 -3
- data/lib/chef/compliance/fetcher/automate.rb +0 -7
- data/lib/chef/compliance/reporter/automate.rb +17 -7
- data/lib/chef/compliance/reporter/chef_server_automate.rb +11 -6
- data/lib/chef/compliance/reporter/cli.rb +77 -0
- data/lib/chef/compliance/reporter/compliance_enforcer.rb +4 -0
- data/lib/chef/compliance/reporter/json_file.rb +8 -1
- data/lib/chef/compliance/runner.rb +65 -27
- data/lib/chef/cookbook/gem_installer.rb +1 -5
- data/lib/chef/cookbook/synchronizer.rb +3 -5
- data/lib/chef/cookbook_loader.rb +2 -4
- data/lib/chef/cookbook_uploader.rb +0 -1
- data/lib/chef/cookbook_version.rb +4 -26
- data/lib/chef/data_bag_item.rb +11 -2
- data/lib/chef/data_collector/run_end_message.rb +2 -2
- data/lib/chef/delayed_evaluator.rb +4 -0
- data/lib/chef/deprecated.rb +6 -12
- data/lib/chef/dsl/chef_vault.rb +6 -6
- data/lib/chef/dsl/reboot_pending.rb +1 -2
- data/lib/chef/exceptions.rb +0 -3
- data/lib/chef/formatters/error_inspectors/resource_failure_inspector.rb +20 -22
- data/lib/chef/formatters/error_mapper.rb +2 -2
- data/lib/chef/group.rb +75 -0
- data/lib/chef/http.rb +5 -5
- data/lib/chef/mixin/get_source_from_package.rb +1 -1
- data/lib/chef/node/attribute.rb +9 -24
- data/lib/chef/node/immutable_collections.rb +13 -0
- data/lib/chef/node/mixin/deep_merge_cache.rb +14 -10
- data/lib/chef/node.rb +19 -20
- data/lib/chef/org.rb +3 -2
- data/lib/chef/policy_builder/policyfile.rb +0 -5
- data/lib/chef/property.rb +18 -0
- data/lib/chef/provider/cron.rb +1 -1
- data/lib/chef/provider/execute.rb +2 -1
- data/lib/chef/provider/file.rb +1 -1
- data/lib/chef/provider/git.rb +5 -7
- data/lib/chef/provider/group/dscl.rb +1 -1
- data/lib/chef/provider/group/groupadd.rb +3 -3
- data/lib/chef/provider/group/groupmod.rb +3 -3
- data/lib/chef/provider/group/pw.rb +3 -3
- data/lib/chef/provider/ifconfig.rb +2 -2
- data/lib/chef/provider/link.rb +2 -2
- data/lib/chef/provider/mount/aix.rb +3 -3
- data/lib/chef/provider/mount/mount.rb +5 -5
- data/lib/chef/provider/mount/windows.rb +1 -1
- data/lib/chef/provider/mount.rb +5 -5
- data/lib/chef/provider/package/apt.rb +27 -1
- data/lib/chef/provider/package/deb.rb +3 -3
- data/lib/chef/provider/package/dnf/dnf_helper.py +1 -1
- data/lib/chef/provider/package/portage.rb +2 -2
- data/lib/chef/provider/package/powershell.rb +0 -5
- data/lib/chef/provider/package/rubygems.rb +9 -15
- data/lib/chef/provider/package/windows.rb +2 -4
- data/lib/chef/provider/package/yum/yum_helper.py +1 -1
- data/lib/chef/provider/package.rb +17 -21
- data/lib/chef/provider/route.rb +2 -2
- data/lib/chef/provider/service/aixinit.rb +1 -1
- data/lib/chef/provider/service/debian.rb +1 -1
- data/lib/chef/provider/service/freebsd.rb +15 -21
- data/lib/chef/provider/service/macosx.rb +4 -4
- data/lib/chef/provider/service/systemd.rb +43 -14
- data/lib/chef/provider/service/upstart.rb +2 -13
- data/lib/chef/provider/service/windows.rb +12 -12
- data/lib/chef/provider/service.rb +6 -6
- data/lib/chef/provider/subversion.rb +10 -12
- data/lib/chef/provider/systemd_unit.rb +36 -10
- data/lib/chef/provider/template/content.rb +3 -7
- data/lib/chef/provider/user/dscl.rb +1 -1
- data/lib/chef/provider/user/mac.rb +17 -20
- data/lib/chef/provider/user/pw.rb +1 -1
- data/lib/chef/provider/user/windows.rb +1 -1
- data/lib/chef/provider/user.rb +2 -2
- data/lib/chef/provider/zypper_repository.rb +2 -2
- data/lib/chef/provider.rb +1 -1
- data/lib/chef/providers.rb +0 -1
- data/lib/chef/resource/alternatives.rb +6 -6
- data/lib/chef/resource/apt_package.rb +1 -1
- data/lib/chef/resource/apt_preference.rb +2 -2
- data/lib/chef/resource/apt_repository.rb +6 -6
- data/lib/chef/resource/apt_update.rb +3 -2
- data/lib/chef/resource/archive_file.rb +8 -9
- data/lib/chef/resource/breakpoint.rb +1 -1
- data/lib/chef/resource/build_essential.rb +2 -6
- data/lib/chef/resource/chef_client_config.rb +2 -2
- data/lib/chef/resource/chef_client_cron.rb +4 -4
- data/lib/chef/resource/chef_client_launchd.rb +3 -3
- data/lib/chef/resource/chef_client_scheduled_task.rb +1 -1
- data/lib/chef/resource/chef_client_systemd_timer.rb +2 -2
- data/lib/chef/resource/chef_client_trusted_certificate.rb +0 -1
- data/lib/chef/resource/chef_handler.rb +3 -7
- data/lib/chef/resource/chef_sleep.rb +1 -1
- data/lib/chef/resource/chef_vault_secret.rb +3 -8
- data/lib/chef/resource/chocolatey_config.rb +2 -6
- data/lib/chef/resource/chocolatey_feature.rb +2 -6
- data/lib/chef/resource/chocolatey_source.rb +4 -10
- data/lib/chef/resource/cron/_cron_shared.rb +2 -2
- data/lib/chef/resource/cron_access.rb +2 -4
- data/lib/chef/resource/dmg_package.rb +6 -10
- data/lib/chef/resource/dpkg_package.rb +1 -1
- data/lib/chef/resource/execute.rb +6 -1
- data/lib/chef/resource/file.rb +1 -1
- data/lib/chef/resource/group.rb +2 -2
- data/lib/chef/resource/homebrew_cask.rb +5 -15
- data/lib/chef/resource/homebrew_tap.rb +2 -6
- data/lib/chef/resource/hostname.rb +21 -17
- data/lib/chef/resource/http_request.rb +1 -1
- data/lib/chef/resource/kernel_module.rb +6 -17
- data/lib/chef/resource/locale.rb +2 -3
- data/lib/chef/resource/lwrp_base.rb +4 -0
- data/lib/chef/resource/macos_userdefaults.rb +10 -14
- data/lib/chef/resource/mdadm.rb +53 -7
- data/lib/chef/resource/mount.rb +3 -2
- data/lib/chef/resource/openssl_ec_private_key.rb +2 -2
- data/lib/chef/resource/openssl_rsa_private_key.rb +1 -1
- data/lib/chef/resource/openssl_x509_certificate.rb +2 -2
- data/lib/chef/resource/plist.rb +7 -7
- data/lib/chef/resource/powershell_script.rb +1 -1
- data/lib/chef/resource/remote_file.rb +1 -1
- data/lib/chef/resource/rhsm_errata.rb +16 -1
- data/lib/chef/resource/rhsm_errata_level.rb +10 -1
- data/lib/chef/resource/rhsm_register.rb +12 -6
- data/lib/chef/resource/rhsm_repo.rb +2 -6
- data/lib/chef/resource/rhsm_subscription.rb +7 -11
- data/lib/chef/resource/scm/git.rb +1 -1
- data/lib/chef/resource/sudo.rb +6 -6
- data/lib/chef/resource/support/client.erb +2 -6
- data/lib/chef/resource/sysctl.rb +2 -6
- data/lib/chef/resource/systemd_unit.rb +3 -3
- data/lib/chef/resource/template.rb +1 -1
- data/lib/chef/resource/timezone.rb +1 -3
- data/lib/chef/resource/user/mac_user.rb +1 -1
- data/lib/chef/resource/user_ulimit.rb +2 -3
- data/lib/chef/resource/windows_ad_join.rb +2 -6
- data/lib/chef/resource/windows_audit_policy.rb +1 -1
- data/lib/chef/resource/windows_auto_run.rb +2 -5
- data/lib/chef/resource/windows_certificate.rb +207 -73
- data/lib/chef/resource/windows_dfs_folder.rb +2 -6
- data/lib/chef/resource/windows_dfs_namespace.rb +2 -6
- data/lib/chef/resource/windows_dfs_server.rb +1 -3
- data/lib/chef/resource/windows_dns_record.rb +2 -6
- data/lib/chef/resource/windows_dns_zone.rb +2 -6
- data/lib/chef/resource/windows_env.rb +5 -4
- data/lib/chef/resource/windows_feature.rb +3 -9
- data/lib/chef/resource/windows_feature_dism.rb +2 -6
- data/lib/chef/resource/windows_feature_powershell.rb +3 -3
- data/lib/chef/resource/windows_firewall_profile.rb +4 -4
- data/lib/chef/resource/windows_firewall_rule.rb +2 -5
- data/lib/chef/resource/windows_font.rb +2 -4
- data/lib/chef/resource/windows_pagefile.rb +2 -6
- data/lib/chef/resource/windows_path.rb +2 -2
- data/lib/chef/resource/windows_printer.rb +4 -4
- data/lib/chef/resource/windows_printer_port.rb +6 -6
- data/lib/chef/resource/windows_security_policy.rb +9 -12
- data/lib/chef/resource/windows_share.rb +14 -21
- data/lib/chef/resource/windows_shortcut.rb +4 -6
- data/lib/chef/resource/windows_task.rb +17 -5
- data/lib/chef/resource/windows_uac.rb +2 -4
- data/lib/chef/resource/windows_user_privilege.rb +5 -5
- data/lib/chef/resource/windows_workgroup.rb +1 -2
- data/lib/chef/resource.rb +1 -1
- data/lib/chef/resource_reporter.rb +1 -1
- data/lib/chef/resources.rb +0 -1
- data/lib/chef/shell/ext.rb +3 -3
- data/lib/chef/user.rb +0 -1
- data/lib/chef/user_v1.rb +3 -4
- data/lib/chef/util/dsc/configuration_generator.rb +1 -0
- data/lib/chef/util/dsc/local_configuration_manager.rb +1 -1
- data/lib/chef/version.rb +1 -1
- data/lib/chef/win32/api.rb +2 -9
- data/lib/chef/win32/registry.rb +4 -2
- data/lib/chef/win32/version.rb +1 -2
- data/spec/data/cookbooks/openldap/libraries/openldap.rb +1 -1
- data/spec/data/lwrp/resources/bar.rb +2 -0
- data/spec/data/lwrp/resources/buck_passer.rb +1 -0
- data/spec/data/lwrp/resources/buck_passer_2.rb +1 -0
- data/spec/data/lwrp/resources/embedded_resource_accesses_providers_scope.rb +1 -0
- data/spec/data/lwrp/resources/foo.rb +2 -0
- data/spec/data/lwrp/resources/inline_compiler.rb +1 -0
- data/spec/data/lwrp/resources/monkey_name_printer.rb +1 -0
- data/spec/data/lwrp/resources/paint_drying_watcher.rb +1 -0
- data/spec/data/lwrp/resources/thumb_twiddler.rb +1 -0
- data/spec/data/lwrp/resources_with_default_attributes/nodeattr.rb +2 -0
- data/spec/data/lwrp_const_scoping/resources/conflict.rb +1 -0
- data/spec/data/lwrp_override/resources/foo.rb +1 -0
- data/spec/data/rubygems.org/nonexistent_gem-info +1 -0
- data/spec/data/rubygems.org/sexp_processor-info +49 -0
- data/spec/data/run_context/cookbooks/circular-dep1/resources/resource.rb +1 -0
- data/spec/data/run_context/cookbooks/circular-dep2/resources/resource.rb +1 -0
- data/spec/data/run_context/cookbooks/dependency1/resources/resource.rb +1 -0
- data/spec/data/run_context/cookbooks/dependency2/resources/resource.rb +1 -0
- data/spec/data/run_context/cookbooks/no-default-attr/resources/resource.rb +1 -0
- data/spec/data/run_context/cookbooks/test/resources/resource.rb +2 -0
- data/spec/data/run_context/cookbooks/test-with-circular-deps/resources/resource.rb +2 -0
- data/spec/data/run_context/cookbooks/test-with-deps/resources/resource.rb +1 -0
- data/spec/functional/dsl/registry_helper_spec.rb +1 -1
- data/spec/functional/resource/aixinit_service_spec.rb +7 -7
- data/spec/functional/resource/apt_package_spec.rb +1 -1
- data/spec/functional/resource/chocolatey_package_spec.rb +9 -0
- data/spec/functional/resource/dnf_package_spec.rb +4 -1
- data/spec/functional/resource/group_spec.rb +1 -5
- data/spec/functional/resource/link_spec.rb +0 -8
- data/spec/functional/resource/registry_spec.rb +8 -8
- data/spec/functional/resource/user/mac_user_spec.rb +2 -2
- data/spec/functional/resource/windows_certificate_spec.rb +92 -35
- data/spec/functional/version_spec.rb +1 -1
- data/spec/functional/win32/registry_spec.rb +1 -1
- data/spec/integration/client/client_spec.rb +5 -2
- data/spec/integration/client/exit_code_spec.rb +1 -1
- data/spec/integration/client/ipv6_spec.rb +1 -1
- data/spec/integration/compliance/compliance_spec.rb +1 -1
- data/spec/integration/ohai/ohai_spec.rb +7 -6
- data/spec/integration/recipes/accumulator_spec.rb +13 -1
- data/spec/integration/recipes/lwrp_inline_resources_spec.rb +5 -1
- data/spec/integration/recipes/lwrp_spec.rb +3 -1
- data/spec/integration/recipes/notifies_spec.rb +15 -1
- data/spec/integration/recipes/notifying_block_spec.rb +2 -1
- data/spec/integration/recipes/recipe_dsl_spec.rb +9 -9
- data/spec/integration/recipes/unified_mode_spec.rb +1 -1
- data/spec/integration/recipes/use_partial_spec.rb +4 -1
- data/spec/spec_helper.rb +10 -13
- data/spec/support/chef_helpers.rb +0 -16
- data/spec/support/lib/chef/resource/with_state.rb +0 -1
- data/spec/support/lib/chef/resource/zen_follower.rb +0 -1
- data/spec/support/lib/chef/resource/zen_master.rb +0 -1
- data/spec/support/matchers/leak.rb +7 -9
- data/spec/support/platform_helpers.rb +1 -8
- data/spec/support/shared/integration/integration_helper.rb +0 -1
- data/spec/support/shared/unit/script_resource.rb +2 -2
- data/spec/unit/application/solo_spec.rb +2 -2
- data/spec/unit/chef_fs/diff_spec.rb +1 -1
- data/spec/unit/chef_fs/file_system_spec.rb +1 -1
- data/spec/unit/client_spec.rb +4 -4
- data/spec/unit/compliance/fetcher/automate_spec.rb +0 -16
- data/spec/unit/compliance/reporter/automate_spec.rb +26 -2
- data/spec/unit/compliance/reporter/chef_server_automate_spec.rb +20 -0
- data/spec/unit/compliance/reporter/compliance_enforcer_spec.rb +1 -0
- data/spec/unit/compliance/runner_spec.rb +30 -4
- data/spec/unit/cookbook_version_spec.rb +0 -52
- data/spec/unit/data_bag_item_spec.rb +1 -6
- data/spec/unit/data_collector_spec.rb +2 -71
- data/spec/unit/dsl/reboot_pending_spec.rb +2 -2
- data/spec/unit/dsl/registry_helper_spec.rb +1 -1
- data/spec/unit/lwrp_spec.rb +1 -1
- data/spec/unit/mixin/params_validate_spec.rb +4 -3
- data/spec/unit/mixin/powershell_out_spec.rb +2 -2
- data/spec/unit/node/attribute_spec.rb +1 -1
- data/spec/unit/node_spec.rb +78 -0
- data/spec/unit/org_group_spec.rb +45 -0
- data/spec/unit/policy_builder/policyfile_spec.rb +1 -11
- data/spec/unit/property_spec.rb +23 -22
- data/spec/unit/provider/cron_spec.rb +1 -1
- data/spec/unit/provider/group/gpasswd_spec.rb +2 -2
- data/spec/unit/provider/group/groupmod_spec.rb +2 -2
- data/spec/unit/provider/group/pw_spec.rb +2 -2
- data/spec/unit/provider/group_spec.rb +1 -1
- data/spec/unit/provider/package/apt_spec.rb +84 -18
- data/spec/unit/provider/package/deb_spec.rb +3 -3
- data/spec/unit/provider/package/powershell_spec.rb +12 -74
- data/spec/unit/provider/package/rubygems_spec.rb +18 -30
- data/spec/unit/provider/service/arch_service_spec.rb +1 -0
- data/spec/unit/provider/service/debian_service_spec.rb +1 -0
- data/spec/unit/provider/service/macosx_spec.rb +2 -2
- data/spec/unit/provider/service/systemd_service_spec.rb +138 -23
- data/spec/unit/provider/service/upstart_service_spec.rb +0 -29
- data/spec/unit/provider/service/windows_spec.rb +2 -2
- data/spec/unit/provider/subversion_spec.rb +2 -2
- data/spec/unit/provider/systemd_unit_spec.rb +79 -60
- data/spec/unit/provider/zypper_repository_spec.rb +2 -2
- data/spec/unit/provider_spec.rb +0 -8
- data/spec/unit/resource/archive_file_spec.rb +1 -13
- data/spec/unit/resource/chef_client_trusted_certificate_spec.rb +0 -14
- data/spec/unit/resource/homebrew_cask_spec.rb +11 -29
- data/spec/unit/resource/mount_spec.rb +0 -10
- data/spec/unit/resource/powershell_script_spec.rb +2 -2
- data/spec/unit/resource/rhsm_subscription_spec.rb +3 -50
- data/spec/unit/resource/systemd_unit_spec.rb +1 -1
- data/spec/unit/resource/user_ulimit_spec.rb +1 -14
- data/spec/unit/resource/windows_task_spec.rb +1 -1
- data/spec/unit/resource_spec.rb +2 -7
- data/spec/unit/user_spec.rb +1 -1
- data/spec/unit/user_v1_spec.rb +6 -4
- data/tasks/rspec.rb +15 -7
- metadata +19 -382
- data/bin/knife +0 -24
- data/lib/chef/application/knife.rb +0 -234
- data/lib/chef/application/windows_service.rb +0 -338
- data/lib/chef/application/windows_service_manager.rb +0 -205
- data/lib/chef/chef_fs/knife.rb +0 -160
- data/lib/chef/chef_fs/parallelizer/flatten_enumerable.rb +0 -35
- data/lib/chef/chef_fs/parallelizer/parallel_enumerable.rb +0 -278
- data/lib/chef/chef_fs/parallelizer.rb +0 -102
- data/lib/chef/cookbook_site_streaming_uploader.rb +0 -244
- data/lib/chef/knife/acl_add.rb +0 -57
- data/lib/chef/knife/acl_base.rb +0 -183
- data/lib/chef/knife/acl_bulk_add.rb +0 -78
- data/lib/chef/knife/acl_bulk_remove.rb +0 -83
- data/lib/chef/knife/acl_remove.rb +0 -62
- data/lib/chef/knife/acl_show.rb +0 -56
- data/lib/chef/knife/bootstrap/chef_vault_handler.rb +0 -162
- data/lib/chef/knife/bootstrap/client_builder.rb +0 -212
- data/lib/chef/knife/bootstrap/templates/README.md +0 -11
- data/lib/chef/knife/bootstrap/templates/chef-full.erb +0 -242
- data/lib/chef/knife/bootstrap/templates/windows-chef-client-msi.erb +0 -278
- data/lib/chef/knife/bootstrap/train_connector.rb +0 -336
- data/lib/chef/knife/bootstrap.rb +0 -1192
- data/lib/chef/knife/client_bulk_delete.rb +0 -104
- data/lib/chef/knife/client_create.rb +0 -101
- data/lib/chef/knife/client_delete.rb +0 -62
- data/lib/chef/knife/client_edit.rb +0 -52
- data/lib/chef/knife/client_key_create.rb +0 -73
- data/lib/chef/knife/client_key_delete.rb +0 -80
- data/lib/chef/knife/client_key_edit.rb +0 -83
- data/lib/chef/knife/client_key_list.rb +0 -73
- data/lib/chef/knife/client_key_show.rb +0 -80
- data/lib/chef/knife/client_list.rb +0 -41
- data/lib/chef/knife/client_reregister.rb +0 -58
- data/lib/chef/knife/client_show.rb +0 -48
- data/lib/chef/knife/config_get.rb +0 -39
- data/lib/chef/knife/config_get_profile.rb +0 -37
- data/lib/chef/knife/config_list.rb +0 -139
- data/lib/chef/knife/config_list_profiles.rb +0 -37
- data/lib/chef/knife/config_show.rb +0 -127
- data/lib/chef/knife/config_use.rb +0 -61
- data/lib/chef/knife/config_use_profile.rb +0 -47
- data/lib/chef/knife/configure.rb +0 -150
- data/lib/chef/knife/configure_client.rb +0 -48
- data/lib/chef/knife/cookbook_bulk_delete.rb +0 -71
- data/lib/chef/knife/cookbook_delete.rb +0 -151
- data/lib/chef/knife/cookbook_download.rb +0 -142
- data/lib/chef/knife/cookbook_list.rb +0 -47
- data/lib/chef/knife/cookbook_metadata.rb +0 -106
- data/lib/chef/knife/cookbook_metadata_from_file.rb +0 -49
- data/lib/chef/knife/cookbook_show.rb +0 -98
- data/lib/chef/knife/cookbook_upload.rb +0 -292
- data/lib/chef/knife/core/bootstrap_context.rb +0 -264
- data/lib/chef/knife/core/cookbook_scm_repo.rb +0 -159
- data/lib/chef/knife/core/formatting_options.rb +0 -49
- data/lib/chef/knife/core/gem_glob_loader.rb +0 -138
- data/lib/chef/knife/core/generic_presenter.rb +0 -232
- data/lib/chef/knife/core/hashed_command_loader.rb +0 -100
- data/lib/chef/knife/core/node_editor.rb +0 -130
- data/lib/chef/knife/core/node_presenter.rb +0 -133
- data/lib/chef/knife/core/object_loader.rb +0 -115
- data/lib/chef/knife/core/status_presenter.rb +0 -147
- data/lib/chef/knife/core/subcommand_loader.rb +0 -203
- data/lib/chef/knife/core/text_formatter.rb +0 -85
- data/lib/chef/knife/core/ui.rb +0 -338
- data/lib/chef/knife/core/windows_bootstrap_context.rb +0 -405
- data/lib/chef/knife/data_bag_create.rb +0 -81
- data/lib/chef/knife/data_bag_delete.rb +0 -49
- data/lib/chef/knife/data_bag_edit.rb +0 -74
- data/lib/chef/knife/data_bag_from_file.rb +0 -113
- data/lib/chef/knife/data_bag_list.rb +0 -42
- data/lib/chef/knife/data_bag_secret_options.rb +0 -122
- data/lib/chef/knife/data_bag_show.rb +0 -69
- data/lib/chef/knife/delete.rb +0 -125
- data/lib/chef/knife/deps.rb +0 -156
- data/lib/chef/knife/diff.rb +0 -83
- data/lib/chef/knife/download.rb +0 -84
- data/lib/chef/knife/edit.rb +0 -88
- data/lib/chef/knife/environment_compare.rb +0 -128
- data/lib/chef/knife/environment_create.rb +0 -52
- data/lib/chef/knife/environment_delete.rb +0 -44
- data/lib/chef/knife/environment_edit.rb +0 -44
- data/lib/chef/knife/environment_from_file.rb +0 -84
- data/lib/chef/knife/environment_list.rb +0 -41
- data/lib/chef/knife/environment_show.rb +0 -47
- data/lib/chef/knife/exec.rb +0 -99
- data/lib/chef/knife/group_add.rb +0 -55
- data/lib/chef/knife/group_create.rb +0 -49
- data/lib/chef/knife/group_destroy.rb +0 -53
- data/lib/chef/knife/group_list.rb +0 -43
- data/lib/chef/knife/group_remove.rb +0 -56
- data/lib/chef/knife/group_show.rb +0 -49
- data/lib/chef/knife/key_create.rb +0 -112
- data/lib/chef/knife/key_create_base.rb +0 -50
- data/lib/chef/knife/key_delete.rb +0 -55
- data/lib/chef/knife/key_edit.rb +0 -118
- data/lib/chef/knife/key_edit_base.rb +0 -55
- data/lib/chef/knife/key_list.rb +0 -90
- data/lib/chef/knife/key_list_base.rb +0 -45
- data/lib/chef/knife/key_show.rb +0 -53
- data/lib/chef/knife/list.rb +0 -177
- data/lib/chef/knife/node_bulk_delete.rb +0 -75
- data/lib/chef/knife/node_create.rb +0 -47
- data/lib/chef/knife/node_delete.rb +0 -46
- data/lib/chef/knife/node_edit.rb +0 -70
- data/lib/chef/knife/node_environment_set.rb +0 -53
- data/lib/chef/knife/node_from_file.rb +0 -51
- data/lib/chef/knife/node_list.rb +0 -44
- data/lib/chef/knife/node_policy_set.rb +0 -79
- data/lib/chef/knife/node_run_list_add.rb +0 -104
- data/lib/chef/knife/node_run_list_remove.rb +0 -67
- data/lib/chef/knife/node_run_list_set.rb +0 -66
- data/lib/chef/knife/node_show.rb +0 -63
- data/lib/chef/knife/null.rb +0 -12
- data/lib/chef/knife/raw.rb +0 -123
- data/lib/chef/knife/recipe_list.rb +0 -32
- data/lib/chef/knife/rehash.rb +0 -50
- data/lib/chef/knife/role_bulk_delete.rb +0 -66
- data/lib/chef/knife/role_create.rb +0 -53
- data/lib/chef/knife/role_delete.rb +0 -46
- data/lib/chef/knife/role_edit.rb +0 -45
- data/lib/chef/knife/role_env_run_list_add.rb +0 -87
- data/lib/chef/knife/role_env_run_list_clear.rb +0 -55
- data/lib/chef/knife/role_env_run_list_remove.rb +0 -57
- data/lib/chef/knife/role_env_run_list_replace.rb +0 -60
- data/lib/chef/knife/role_env_run_list_set.rb +0 -70
- data/lib/chef/knife/role_from_file.rb +0 -51
- data/lib/chef/knife/role_list.rb +0 -42
- data/lib/chef/knife/role_run_list_add.rb +0 -87
- data/lib/chef/knife/role_run_list_clear.rb +0 -55
- data/lib/chef/knife/role_run_list_remove.rb +0 -56
- data/lib/chef/knife/role_run_list_replace.rb +0 -60
- data/lib/chef/knife/role_run_list_set.rb +0 -69
- data/lib/chef/knife/role_show.rb +0 -48
- data/lib/chef/knife/search.rb +0 -194
- data/lib/chef/knife/serve.rb +0 -65
- data/lib/chef/knife/show.rb +0 -72
- data/lib/chef/knife/ssh.rb +0 -645
- data/lib/chef/knife/ssl_check.rb +0 -284
- data/lib/chef/knife/ssl_fetch.rb +0 -161
- data/lib/chef/knife/status.rb +0 -95
- data/lib/chef/knife/supermarket_download.rb +0 -121
- data/lib/chef/knife/supermarket_install.rb +0 -192
- data/lib/chef/knife/supermarket_list.rb +0 -76
- data/lib/chef/knife/supermarket_search.rb +0 -53
- data/lib/chef/knife/supermarket_share.rb +0 -166
- data/lib/chef/knife/supermarket_show.rb +0 -66
- data/lib/chef/knife/supermarket_unshare.rb +0 -61
- data/lib/chef/knife/tag_create.rb +0 -52
- data/lib/chef/knife/tag_delete.rb +0 -60
- data/lib/chef/knife/tag_list.rb +0 -47
- data/lib/chef/knife/upload.rb +0 -86
- data/lib/chef/knife/user_create.rb +0 -107
- data/lib/chef/knife/user_delete.rb +0 -44
- data/lib/chef/knife/user_dissociate.rb +0 -42
- data/lib/chef/knife/user_edit.rb +0 -52
- data/lib/chef/knife/user_invite_add.rb +0 -43
- data/lib/chef/knife/user_invite_list.rb +0 -34
- data/lib/chef/knife/user_invite_rescind.rb +0 -63
- data/lib/chef/knife/user_key_create.rb +0 -73
- data/lib/chef/knife/user_key_delete.rb +0 -80
- data/lib/chef/knife/user_key_edit.rb +0 -83
- data/lib/chef/knife/user_key_list.rb +0 -73
- data/lib/chef/knife/user_key_show.rb +0 -80
- data/lib/chef/knife/user_list.rb +0 -42
- data/lib/chef/knife/user_reregister.rb +0 -59
- data/lib/chef/knife/user_show.rb +0 -48
- data/lib/chef/knife/xargs.rb +0 -282
- data/lib/chef/knife/yaml_convert.rb +0 -91
- data/lib/chef/knife.rb +0 -665
- data/lib/chef/resource/user/dscl_user.rb +0 -35
- data/spec/data/knife-home/.chef/plugins/knife/example_home_subcommand.rb +0 -0
- data/spec/data/knife-site-subcommands/plugins/knife/example_subcommand.rb +0 -0
- data/spec/data/knife_subcommand/test_explicit_category.rb +0 -7
- data/spec/data/knife_subcommand/test_name_mapping.rb +0 -4
- data/spec/data/knife_subcommand/test_yourself.rb +0 -21
- data/spec/functional/knife/configure_spec.rb +0 -33
- data/spec/functional/knife/cookbook_delete_spec.rb +0 -156
- data/spec/functional/knife/exec_spec.rb +0 -55
- data/spec/functional/knife/rehash_spec.rb +0 -39
- data/spec/functional/knife/smoke_test.rb +0 -42
- data/spec/functional/knife/ssh_spec.rb +0 -352
- data/spec/functional/resource/user/dscl_spec.rb +0 -188
- data/spec/functional/resource/windows_service_spec.rb +0 -105
- data/spec/functional/win32/service_manager_spec.rb +0 -220
- data/spec/integration/knife/chef_fs_data_store_spec.rb +0 -557
- data/spec/integration/knife/chef_repo_path_spec.rb +0 -962
- data/spec/integration/knife/chef_repository_file_system_spec.rb +0 -200
- data/spec/integration/knife/chefignore_spec.rb +0 -301
- data/spec/integration/knife/client_bulk_delete_spec.rb +0 -131
- data/spec/integration/knife/client_create_spec.rb +0 -70
- data/spec/integration/knife/client_delete_spec.rb +0 -64
- data/spec/integration/knife/client_key_create_spec.rb +0 -66
- data/spec/integration/knife/client_key_delete_spec.rb +0 -43
- data/spec/integration/knife/client_key_list_spec.rb +0 -61
- data/spec/integration/knife/client_key_show_spec.rb +0 -45
- data/spec/integration/knife/client_list_spec.rb +0 -49
- data/spec/integration/knife/client_show_spec.rb +0 -37
- data/spec/integration/knife/common_options_spec.rb +0 -174
- data/spec/integration/knife/config_list_spec.rb +0 -220
- data/spec/integration/knife/config_show_spec.rb +0 -192
- data/spec/integration/knife/config_use_spec.rb +0 -198
- data/spec/integration/knife/cookbook_api_ipv6_spec.rb +0 -113
- data/spec/integration/knife/cookbook_bulk_delete_spec.rb +0 -65
- data/spec/integration/knife/cookbook_download_spec.rb +0 -72
- data/spec/integration/knife/cookbook_list_spec.rb +0 -55
- data/spec/integration/knife/cookbook_show_spec.rb +0 -149
- data/spec/integration/knife/cookbook_upload_spec.rb +0 -128
- data/spec/integration/knife/data_bag_create_spec.rb +0 -125
- data/spec/integration/knife/data_bag_delete_spec.rb +0 -59
- data/spec/integration/knife/data_bag_edit_spec.rb +0 -105
- data/spec/integration/knife/data_bag_from_file_spec.rb +0 -116
- data/spec/integration/knife/data_bag_list_spec.rb +0 -44
- data/spec/integration/knife/data_bag_show_spec.rb +0 -95
- data/spec/integration/knife/delete_spec.rb +0 -1018
- data/spec/integration/knife/deps_spec.rb +0 -703
- data/spec/integration/knife/diff_spec.rb +0 -605
- data/spec/integration/knife/download_spec.rb +0 -1336
- data/spec/integration/knife/environment_compare_spec.rb +0 -75
- data/spec/integration/knife/environment_create_spec.rb +0 -41
- data/spec/integration/knife/environment_delete_spec.rb +0 -37
- data/spec/integration/knife/environment_from_file_spec.rb +0 -116
- data/spec/integration/knife/environment_list_spec.rb +0 -42
- data/spec/integration/knife/environment_show_spec.rb +0 -77
- data/spec/integration/knife/list_spec.rb +0 -1060
- data/spec/integration/knife/node_bulk_delete_spec.rb +0 -52
- data/spec/integration/knife/node_create_spec.rb +0 -47
- data/spec/integration/knife/node_delete_spec.rb +0 -48
- data/spec/integration/knife/node_environment_set_spec.rb +0 -46
- data/spec/integration/knife/node_from_file_spec.rb +0 -59
- data/spec/integration/knife/node_list_spec.rb +0 -45
- data/spec/integration/knife/node_run_list_add_spec.rb +0 -54
- data/spec/integration/knife/node_run_list_remove_spec.rb +0 -36
- data/spec/integration/knife/node_run_list_set_spec.rb +0 -41
- data/spec/integration/knife/node_show_spec.rb +0 -36
- data/spec/integration/knife/raw_spec.rb +0 -297
- data/spec/integration/knife/redirection_spec.rb +0 -64
- data/spec/integration/knife/role_bulk_delete_spec.rb +0 -52
- data/spec/integration/knife/role_create_spec.rb +0 -41
- data/spec/integration/knife/role_delete_spec.rb +0 -48
- data/spec/integration/knife/role_from_file_spec.rb +0 -96
- data/spec/integration/knife/role_list_spec.rb +0 -45
- data/spec/integration/knife/role_show_spec.rb +0 -51
- data/spec/integration/knife/search_node_spec.rb +0 -40
- data/spec/integration/knife/serve_spec.rb +0 -92
- data/spec/integration/knife/show_spec.rb +0 -197
- data/spec/integration/knife/upload_spec.rb +0 -1616
- data/spec/support/shared/functional/knife.rb +0 -37
- data/spec/support/shared/functional/win32_service.rb +0 -57
- data/spec/support/shared/integration/knife_support.rb +0 -192
- data/spec/support/shared/unit/knife_shared.rb +0 -39
- data/spec/unit/application/knife_spec.rb +0 -241
- data/spec/unit/chef_fs/parallelizer_spec.rb +0 -479
- data/spec/unit/cookbook_site_streaming_uploader_spec.rb +0 -198
- data/spec/unit/knife/bootstrap/chef_vault_handler_spec.rb +0 -152
- data/spec/unit/knife/bootstrap/client_builder_spec.rb +0 -207
- data/spec/unit/knife/bootstrap/train_connector_spec.rb +0 -244
- data/spec/unit/knife/bootstrap_spec.rb +0 -2220
- data/spec/unit/knife/client_bulk_delete_spec.rb +0 -166
- data/spec/unit/knife/client_create_spec.rb +0 -169
- data/spec/unit/knife/client_delete_spec.rb +0 -99
- data/spec/unit/knife/client_edit_spec.rb +0 -53
- data/spec/unit/knife/client_list_spec.rb +0 -34
- data/spec/unit/knife/client_reregister_spec.rb +0 -62
- data/spec/unit/knife/client_show_spec.rb +0 -52
- data/spec/unit/knife/configure_client_spec.rb +0 -81
- data/spec/unit/knife/configure_spec.rb +0 -190
- data/spec/unit/knife/cookbook_bulk_delete_spec.rb +0 -87
- data/spec/unit/knife/cookbook_delete_spec.rb +0 -239
- data/spec/unit/knife/cookbook_download_spec.rb +0 -255
- data/spec/unit/knife/cookbook_list_spec.rb +0 -88
- data/spec/unit/knife/cookbook_metadata_from_file_spec.rb +0 -72
- data/spec/unit/knife/cookbook_metadata_spec.rb +0 -182
- data/spec/unit/knife/cookbook_show_spec.rb +0 -253
- data/spec/unit/knife/cookbook_upload_spec.rb +0 -364
- data/spec/unit/knife/core/bootstrap_context_spec.rb +0 -287
- data/spec/unit/knife/core/cookbook_scm_repo_spec.rb +0 -187
- data/spec/unit/knife/core/gem_glob_loader_spec.rb +0 -209
- data/spec/unit/knife/core/hashed_command_loader_spec.rb +0 -112
- data/spec/unit/knife/core/node_editor_spec.rb +0 -211
- data/spec/unit/knife/core/object_loader_spec.rb +0 -81
- data/spec/unit/knife/core/status_presenter_spec.rb +0 -54
- data/spec/unit/knife/core/subcommand_loader_spec.rb +0 -64
- data/spec/unit/knife/core/ui_spec.rb +0 -656
- data/spec/unit/knife/core/windows_bootstrap_context_spec.rb +0 -238
- data/spec/unit/knife/data_bag_create_spec.rb +0 -175
- data/spec/unit/knife/data_bag_edit_spec.rb +0 -126
- data/spec/unit/knife/data_bag_from_file_spec.rb +0 -174
- data/spec/unit/knife/data_bag_secret_options_spec.rb +0 -173
- data/spec/unit/knife/data_bag_show_spec.rb +0 -139
- data/spec/unit/knife/environment_compare_spec.rb +0 -112
- data/spec/unit/knife/environment_create_spec.rb +0 -91
- data/spec/unit/knife/environment_delete_spec.rb +0 -71
- data/spec/unit/knife/environment_edit_spec.rb +0 -79
- data/spec/unit/knife/environment_from_file_spec.rb +0 -90
- data/spec/unit/knife/environment_list_spec.rb +0 -54
- data/spec/unit/knife/environment_show_spec.rb +0 -52
- data/spec/unit/knife/key_create_spec.rb +0 -223
- data/spec/unit/knife/key_delete_spec.rb +0 -133
- data/spec/unit/knife/key_edit_spec.rb +0 -264
- data/spec/unit/knife/key_helper.rb +0 -74
- data/spec/unit/knife/key_list_spec.rb +0 -216
- data/spec/unit/knife/key_show_spec.rb +0 -126
- data/spec/unit/knife/node_bulk_delete_spec.rb +0 -94
- data/spec/unit/knife/node_delete_spec.rb +0 -77
- data/spec/unit/knife/node_edit_spec.rb +0 -116
- data/spec/unit/knife/node_environment_set_spec.rb +0 -61
- data/spec/unit/knife/node_from_file_spec.rb +0 -59
- data/spec/unit/knife/node_list_spec.rb +0 -62
- data/spec/unit/knife/node_policy_set_spec.rb +0 -122
- data/spec/unit/knife/node_run_list_add_spec.rb +0 -145
- data/spec/unit/knife/node_run_list_remove_spec.rb +0 -106
- data/spec/unit/knife/node_run_list_set_spec.rb +0 -115
- data/spec/unit/knife/node_show_spec.rb +0 -65
- data/spec/unit/knife/raw_spec.rb +0 -43
- data/spec/unit/knife/role_bulk_delete_spec.rb +0 -80
- data/spec/unit/knife/role_create_spec.rb +0 -80
- data/spec/unit/knife/role_delete_spec.rb +0 -67
- data/spec/unit/knife/role_edit_spec.rb +0 -77
- data/spec/unit/knife/role_env_run_list_add_spec.rb +0 -217
- data/spec/unit/knife/role_env_run_list_clear_spec.rb +0 -94
- data/spec/unit/knife/role_env_run_list_remove_spec.rb +0 -102
- data/spec/unit/knife/role_env_run_list_replace_spec.rb +0 -105
- data/spec/unit/knife/role_env_run_list_set_spec.rb +0 -99
- data/spec/unit/knife/role_from_file_spec.rb +0 -69
- data/spec/unit/knife/role_list_spec.rb +0 -54
- data/spec/unit/knife/role_run_list_add_spec.rb +0 -179
- data/spec/unit/knife/role_run_list_clear_spec.rb +0 -84
- data/spec/unit/knife/role_run_list_remove_spec.rb +0 -92
- data/spec/unit/knife/role_run_list_replace_spec.rb +0 -98
- data/spec/unit/knife/role_run_list_set_spec.rb +0 -89
- data/spec/unit/knife/role_show_spec.rb +0 -59
- data/spec/unit/knife/ssh_spec.rb +0 -403
- data/spec/unit/knife/ssl_check_spec.rb +0 -256
- data/spec/unit/knife/ssl_fetch_spec.rb +0 -222
- data/spec/unit/knife/status_spec.rb +0 -112
- data/spec/unit/knife/supermarket_download_spec.rb +0 -152
- data/spec/unit/knife/supermarket_install_spec.rb +0 -202
- data/spec/unit/knife/supermarket_list_spec.rb +0 -70
- data/spec/unit/knife/supermarket_search_spec.rb +0 -85
- data/spec/unit/knife/supermarket_share_spec.rb +0 -208
- data/spec/unit/knife/supermarket_unshare_spec.rb +0 -78
- data/spec/unit/knife/tag_create_spec.rb +0 -23
- data/spec/unit/knife/tag_delete_spec.rb +0 -25
- data/spec/unit/knife/tag_list_spec.rb +0 -23
- data/spec/unit/knife/user_create_spec.rb +0 -184
- data/spec/unit/knife/user_delete_spec.rb +0 -46
- data/spec/unit/knife/user_edit_spec.rb +0 -48
- data/spec/unit/knife/user_list_spec.rb +0 -36
- data/spec/unit/knife/user_reregister_spec.rb +0 -56
- data/spec/unit/knife/user_show_spec.rb +0 -46
- data/spec/unit/knife_spec.rb +0 -634
- data/spec/unit/provider/user/dscl_spec.rb +0 -699
- data/spec/unit/windows_service_spec.rb +0 -118
data/lib/chef/knife/bootstrap.rb
DELETED
@@ -1,1192 +0,0 @@
|
|
1
|
-
#
|
2
|
-
# Author:: Adam Jacob (<adam@chef.io>)
|
3
|
-
# Copyright:: Copyright (c) Chef Software Inc.
|
4
|
-
# License:: Apache License, Version 2.0
|
5
|
-
#
|
6
|
-
# Licensed under the Apache License, Version 2.0 (the "License");
|
7
|
-
# you may not use this file except in compliance with the License.
|
8
|
-
# You may obtain a copy of the License at
|
9
|
-
#
|
10
|
-
# http://www.apache.org/licenses/LICENSE-2.0
|
11
|
-
#
|
12
|
-
# Unless required by applicable law or agreed to in writing, software
|
13
|
-
# distributed under the License is distributed on an "AS IS" BASIS,
|
14
|
-
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
15
|
-
# See the License for the specific language governing permissions and
|
16
|
-
# limitations under the License.
|
17
|
-
#
|
18
|
-
|
19
|
-
require_relative "../knife"
|
20
|
-
require_relative "data_bag_secret_options"
|
21
|
-
require "chef-utils/dist" unless defined?(ChefUtils::Dist)
|
22
|
-
require "license_acceptance/cli_flags/mixlib_cli"
|
23
|
-
module LicenseAcceptance
|
24
|
-
autoload :Acceptor, "license_acceptance/acceptor"
|
25
|
-
end
|
26
|
-
|
27
|
-
class Chef
|
28
|
-
class Knife
|
29
|
-
class Bootstrap < Knife
|
30
|
-
include DataBagSecretOptions
|
31
|
-
include LicenseAcceptance::CLIFlags::MixlibCLI
|
32
|
-
|
33
|
-
SUPPORTED_CONNECTION_PROTOCOLS ||= %w{ssh winrm}.freeze
|
34
|
-
WINRM_AUTH_PROTOCOL_LIST ||= %w{plaintext kerberos ssl negotiate}.freeze
|
35
|
-
|
36
|
-
# Common connectivity options
|
37
|
-
option :connection_user,
|
38
|
-
short: "-U USERNAME",
|
39
|
-
long: "--connection-user USERNAME",
|
40
|
-
description: "Authenticate to the target host with this user account."
|
41
|
-
|
42
|
-
option :connection_password,
|
43
|
-
short: "-P PASSWORD",
|
44
|
-
long: "--connection-password PASSWORD",
|
45
|
-
description: "Authenticate to the target host with this password."
|
46
|
-
|
47
|
-
option :connection_port,
|
48
|
-
short: "-p PORT",
|
49
|
-
long: "--connection-port PORT",
|
50
|
-
description: "The port on the target node to connect to."
|
51
|
-
|
52
|
-
option :connection_protocol,
|
53
|
-
short: "-o PROTOCOL",
|
54
|
-
long: "--connection-protocol PROTOCOL",
|
55
|
-
description: "The protocol to use to connect to the target node.",
|
56
|
-
in: SUPPORTED_CONNECTION_PROTOCOLS
|
57
|
-
|
58
|
-
option :max_wait,
|
59
|
-
short: "-W SECONDS",
|
60
|
-
long: "--max-wait SECONDS",
|
61
|
-
description: "The maximum time to wait for the initial connection to be established."
|
62
|
-
|
63
|
-
option :session_timeout,
|
64
|
-
long: "--session-timeout SECONDS",
|
65
|
-
description: "The number of seconds to wait for each connection operation to be acknowledged while running bootstrap.",
|
66
|
-
default: 60
|
67
|
-
|
68
|
-
# WinRM Authentication
|
69
|
-
option :winrm_ssl_peer_fingerprint,
|
70
|
-
long: "--winrm-ssl-peer-fingerprint FINGERPRINT",
|
71
|
-
description: "SSL certificate fingerprint expected from the target."
|
72
|
-
|
73
|
-
option :ca_trust_file,
|
74
|
-
short: "-f CA_TRUST_PATH",
|
75
|
-
long: "--ca-trust-file CA_TRUST_PATH",
|
76
|
-
description: "The Certificate Authority (CA) trust file used for SSL transport."
|
77
|
-
|
78
|
-
option :winrm_no_verify_cert,
|
79
|
-
long: "--winrm-no-verify-cert",
|
80
|
-
description: "Do not verify the SSL certificate of the target node for WinRM.",
|
81
|
-
boolean: true
|
82
|
-
|
83
|
-
option :winrm_ssl,
|
84
|
-
long: "--winrm-ssl",
|
85
|
-
description: "Use SSL in the WinRM connection."
|
86
|
-
|
87
|
-
option :winrm_auth_method,
|
88
|
-
short: "-w AUTH-METHOD",
|
89
|
-
long: "--winrm-auth-method AUTH-METHOD",
|
90
|
-
description: "The WinRM authentication method to use.",
|
91
|
-
in: WINRM_AUTH_PROTOCOL_LIST
|
92
|
-
|
93
|
-
option :winrm_basic_auth_only,
|
94
|
-
long: "--winrm-basic-auth-only",
|
95
|
-
description: "For WinRM basic authentication when using the 'ssl' auth method.",
|
96
|
-
boolean: true
|
97
|
-
|
98
|
-
# This option was provided in knife bootstrap windows winrm,
|
99
|
-
# but it is ignored in knife-windows/WinrmSession, and so remains unimplemented here.
|
100
|
-
# option :kerberos_keytab_file,
|
101
|
-
# :short => "-T KEYTAB_FILE",
|
102
|
-
# :long => "--keytab-file KEYTAB_FILE",
|
103
|
-
# :description => "The Kerberos keytab file used for authentication"
|
104
|
-
|
105
|
-
option :kerberos_realm,
|
106
|
-
short: "-R KERBEROS_REALM",
|
107
|
-
long: "--kerberos-realm KERBEROS_REALM",
|
108
|
-
description: "The Kerberos realm used for authentication."
|
109
|
-
|
110
|
-
option :kerberos_service,
|
111
|
-
short: "-S KERBEROS_SERVICE",
|
112
|
-
long: "--kerberos-service KERBEROS_SERVICE",
|
113
|
-
description: "The Kerberos service used for authentication."
|
114
|
-
|
115
|
-
## SSH Authentication
|
116
|
-
option :ssh_gateway,
|
117
|
-
short: "-G GATEWAY",
|
118
|
-
long: "--ssh-gateway GATEWAY",
|
119
|
-
description: "The SSH gateway."
|
120
|
-
|
121
|
-
option :ssh_gateway_identity,
|
122
|
-
long: "--ssh-gateway-identity SSH_GATEWAY_IDENTITY",
|
123
|
-
description: "The SSH identity file used for gateway authentication."
|
124
|
-
|
125
|
-
option :ssh_forward_agent,
|
126
|
-
short: "-A",
|
127
|
-
long: "--ssh-forward-agent",
|
128
|
-
description: "Enable SSH agent forwarding.",
|
129
|
-
boolean: true
|
130
|
-
|
131
|
-
option :ssh_identity_file,
|
132
|
-
short: "-i IDENTITY_FILE",
|
133
|
-
long: "--ssh-identity-file IDENTITY_FILE",
|
134
|
-
description: "The SSH identity file used for authentication."
|
135
|
-
|
136
|
-
option :ssh_verify_host_key,
|
137
|
-
long: "--ssh-verify-host-key VALUE",
|
138
|
-
description: "Verify host key. Default is 'always'.",
|
139
|
-
in: %w{always accept_new accept_new_or_local_tunnel never},
|
140
|
-
default: "always"
|
141
|
-
|
142
|
-
#
|
143
|
-
# bootstrap options
|
144
|
-
#
|
145
|
-
|
146
|
-
# client.rb content via chef-full/bootstrap_context
|
147
|
-
option :bootstrap_version,
|
148
|
-
long: "--bootstrap-version VERSION",
|
149
|
-
description: "The version of #{ChefUtils::Dist::Infra::PRODUCT} to install."
|
150
|
-
|
151
|
-
option :channel,
|
152
|
-
long: "--channel CHANNEL",
|
153
|
-
description: "Install from the given channel. Default is 'stable'.",
|
154
|
-
default: "stable",
|
155
|
-
in: %w{stable current unstable}
|
156
|
-
|
157
|
-
# client.rb content via chef-full/bootstrap_context
|
158
|
-
option :bootstrap_proxy,
|
159
|
-
long: "--bootstrap-proxy PROXY_URL",
|
160
|
-
description: "The proxy server for the node being bootstrapped."
|
161
|
-
|
162
|
-
# client.rb content via bootstrap_context
|
163
|
-
option :bootstrap_proxy_user,
|
164
|
-
long: "--bootstrap-proxy-user PROXY_USER",
|
165
|
-
description: "The proxy authentication username for the node being bootstrapped."
|
166
|
-
|
167
|
-
# client.rb content via bootstrap_context
|
168
|
-
option :bootstrap_proxy_pass,
|
169
|
-
long: "--bootstrap-proxy-pass PROXY_PASS",
|
170
|
-
description: "The proxy authentication password for the node being bootstrapped."
|
171
|
-
|
172
|
-
# client.rb content via bootstrap_context
|
173
|
-
option :bootstrap_no_proxy,
|
174
|
-
long: "--bootstrap-no-proxy [NO_PROXY_URL|NO_PROXY_IP]",
|
175
|
-
description: "Do not proxy locations for the node being bootstrapped"
|
176
|
-
|
177
|
-
# client.rb content via bootstrap_context
|
178
|
-
option :bootstrap_template,
|
179
|
-
short: "-t TEMPLATE",
|
180
|
-
long: "--bootstrap-template TEMPLATE",
|
181
|
-
description: "Bootstrap #{ChefUtils::Dist::Infra::PRODUCT} using a built-in or custom template. Set to the full path of an erb template or use one of the built-in templates."
|
182
|
-
|
183
|
-
# client.rb content via bootstrap_context
|
184
|
-
option :node_ssl_verify_mode,
|
185
|
-
long: "--node-ssl-verify-mode [peer|none]",
|
186
|
-
description: "Whether or not to verify the SSL cert for all HTTPS requests.",
|
187
|
-
proc: Proc.new { |v|
|
188
|
-
valid_values = %w{none peer}
|
189
|
-
unless valid_values.include?(v)
|
190
|
-
raise "Invalid value '#{v}' for --node-ssl-verify-mode. Valid values are: #{valid_values.join(", ")}"
|
191
|
-
end
|
192
|
-
|
193
|
-
v
|
194
|
-
}
|
195
|
-
|
196
|
-
# bootstrap_context - client.rb
|
197
|
-
option :node_verify_api_cert,
|
198
|
-
long: "--[no-]node-verify-api-cert",
|
199
|
-
description: "Verify the SSL cert for HTTPS requests to the #{ChefUtils::Dist::Server::PRODUCT} API.",
|
200
|
-
boolean: true
|
201
|
-
|
202
|
-
# runtime - sudo settings (train handles sudo)
|
203
|
-
option :use_sudo,
|
204
|
-
long: "--sudo",
|
205
|
-
description: "Execute the bootstrap via sudo.",
|
206
|
-
boolean: true
|
207
|
-
|
208
|
-
# runtime - sudo settings (train handles sudo)
|
209
|
-
option :preserve_home,
|
210
|
-
long: "--sudo-preserve-home",
|
211
|
-
description: "Preserve non-root user HOME environment variable with sudo.",
|
212
|
-
boolean: true
|
213
|
-
|
214
|
-
# runtime - sudo settings (train handles sudo)
|
215
|
-
option :use_sudo_password,
|
216
|
-
long: "--use-sudo-password",
|
217
|
-
description: "Execute the bootstrap via sudo with password.",
|
218
|
-
boolean: false
|
219
|
-
|
220
|
-
# runtime - su user
|
221
|
-
option :su_user,
|
222
|
-
long: "--su-user NAME",
|
223
|
-
description: "The su - USER name to perform bootstrap command using a non-root user."
|
224
|
-
|
225
|
-
# runtime - su user password
|
226
|
-
option :su_password,
|
227
|
-
long: "--su-password PASSWORD",
|
228
|
-
description: "The su USER password for authentication."
|
229
|
-
|
230
|
-
# runtime - client_builder
|
231
|
-
option :chef_node_name,
|
232
|
-
short: "-N NAME",
|
233
|
-
long: "--node-name NAME",
|
234
|
-
description: "The node name for your new node."
|
235
|
-
|
236
|
-
# runtime - client_builder - set runlist when creating node
|
237
|
-
option :run_list,
|
238
|
-
short: "-r RUN_LIST",
|
239
|
-
long: "--run-list RUN_LIST",
|
240
|
-
description: "Comma separated list of roles/recipes to apply.",
|
241
|
-
proc: lambda { |o| o.split(/[\s,]+/) },
|
242
|
-
default: []
|
243
|
-
|
244
|
-
# runtime - client_builder - set policy name when creating node
|
245
|
-
option :policy_name,
|
246
|
-
long: "--policy-name POLICY_NAME",
|
247
|
-
description: "Policyfile name to use (--policy-group must also be given).",
|
248
|
-
default: nil
|
249
|
-
|
250
|
-
# runtime - client_builder - set policy group when creating node
|
251
|
-
option :policy_group,
|
252
|
-
long: "--policy-group POLICY_GROUP",
|
253
|
-
description: "Policy group name to use (--policy-name must also be given).",
|
254
|
-
default: nil
|
255
|
-
|
256
|
-
# runtime - client_builder - node tags
|
257
|
-
option :tags,
|
258
|
-
long: "--tags TAGS",
|
259
|
-
description: "Comma separated list of tags to apply to the node.",
|
260
|
-
proc: lambda { |o| o.split(/[\s,]+/) },
|
261
|
-
default: []
|
262
|
-
|
263
|
-
# bootstrap template
|
264
|
-
option :first_boot_attributes,
|
265
|
-
short: "-j JSON_ATTRIBS",
|
266
|
-
long: "--json-attributes",
|
267
|
-
description: "A JSON string to be added to the first run of #{ChefUtils::Dist::Infra::CLIENT}.",
|
268
|
-
proc: lambda { |o| Chef::JSONCompat.parse(o) },
|
269
|
-
default: nil
|
270
|
-
|
271
|
-
# bootstrap template
|
272
|
-
option :first_boot_attributes_from_file,
|
273
|
-
long: "--json-attribute-file FILE",
|
274
|
-
description: "A JSON file to be used to the first run of #{ChefUtils::Dist::Infra::CLIENT}.",
|
275
|
-
proc: lambda { |o| Chef::JSONCompat.parse(File.read(o)) },
|
276
|
-
default: nil
|
277
|
-
|
278
|
-
# bootstrap template
|
279
|
-
# Create ohai hints in /etc/chef/ohai/hints, fname=hintname, content=value
|
280
|
-
option :hints,
|
281
|
-
long: "--hint HINT_NAME[=HINT_FILE]",
|
282
|
-
description: "Specify an Ohai hint to be set on the bootstrap target. Use multiple --hint options to specify multiple hints.",
|
283
|
-
proc: Proc.new { |hint, accumulator|
|
284
|
-
accumulator ||= {}
|
285
|
-
name, path = hint.split("=", 2)
|
286
|
-
accumulator[name] = path ? Chef::JSONCompat.parse(::File.read(path)) : {}
|
287
|
-
accumulator
|
288
|
-
}
|
289
|
-
|
290
|
-
# bootstrap override: url of a an installer shell script to use in place of omnitruck
|
291
|
-
# Note that the bootstrap template _only_ references this out of Chef::Config, and not from
|
292
|
-
# the provided options to knife bootstrap, so we set the Chef::Config option here.
|
293
|
-
option :bootstrap_url,
|
294
|
-
long: "--bootstrap-url URL",
|
295
|
-
description: "URL to a custom installation script."
|
296
|
-
|
297
|
-
option :bootstrap_product,
|
298
|
-
long: "--bootstrap-product PRODUCT",
|
299
|
-
description: "Product to install.",
|
300
|
-
default: "chef"
|
301
|
-
|
302
|
-
option :msi_url, # Windows target only
|
303
|
-
short: "-m URL",
|
304
|
-
long: "--msi-url URL",
|
305
|
-
description: "Location of the #{ChefUtils::Dist::Infra::PRODUCT} MSI. The default templates will prefer to download from this location. The MSI will be downloaded from #{ChefUtils::Dist::Org::WEBSITE} if not provided (Windows).",
|
306
|
-
default: ""
|
307
|
-
|
308
|
-
# bootstrap override: Do this instead of our own setup.sh from omnitruck. Causes bootstrap_url to be ignored.
|
309
|
-
option :bootstrap_install_command,
|
310
|
-
long: "--bootstrap-install-command COMMANDS",
|
311
|
-
description: "Custom command to install #{ChefUtils::Dist::Infra::PRODUCT}."
|
312
|
-
|
313
|
-
# bootstrap template: Run this command first in the bootstrap script
|
314
|
-
option :bootstrap_preinstall_command,
|
315
|
-
long: "--bootstrap-preinstall-command COMMANDS",
|
316
|
-
description: "Custom commands to run before installing #{ChefUtils::Dist::Infra::PRODUCT}."
|
317
|
-
|
318
|
-
# bootstrap template
|
319
|
-
option :bootstrap_wget_options,
|
320
|
-
long: "--bootstrap-wget-options OPTIONS",
|
321
|
-
description: "Add options to wget when installing #{ChefUtils::Dist::Infra::PRODUCT}."
|
322
|
-
|
323
|
-
# bootstrap template
|
324
|
-
option :bootstrap_curl_options,
|
325
|
-
long: "--bootstrap-curl-options OPTIONS",
|
326
|
-
description: "Add options to curl when install #{ChefUtils::Dist::Infra::PRODUCT}."
|
327
|
-
|
328
|
-
# chef_vault_handler
|
329
|
-
option :bootstrap_vault_file,
|
330
|
-
long: "--bootstrap-vault-file VAULT_FILE",
|
331
|
-
description: "A JSON file with a list of vault(s) and item(s) to be updated."
|
332
|
-
|
333
|
-
# chef_vault_handler
|
334
|
-
option :bootstrap_vault_json,
|
335
|
-
long: "--bootstrap-vault-json VAULT_JSON",
|
336
|
-
description: "A JSON string with the vault(s) and item(s) to be updated."
|
337
|
-
|
338
|
-
# chef_vault_handler
|
339
|
-
option :bootstrap_vault_item,
|
340
|
-
long: "--bootstrap-vault-item VAULT_ITEM",
|
341
|
-
description: 'A single vault and item to update as "vault:item".',
|
342
|
-
proc: Proc.new { |i, accumulator|
|
343
|
-
(vault, item) = i.split(":")
|
344
|
-
accumulator ||= {}
|
345
|
-
accumulator[vault] ||= []
|
346
|
-
accumulator[vault].push(item)
|
347
|
-
accumulator
|
348
|
-
}
|
349
|
-
|
350
|
-
# Deprecated options. These must be declared after
|
351
|
-
# regular options because they refer to the replacement
|
352
|
-
# option definitions implicitly.
|
353
|
-
deprecated_option :auth_timeout,
|
354
|
-
replacement: :max_wait,
|
355
|
-
long: "--max-wait SECONDS"
|
356
|
-
|
357
|
-
deprecated_option :forward_agent,
|
358
|
-
replacement: :ssh_forward_agent,
|
359
|
-
boolean: true, long: "--forward-agent"
|
360
|
-
|
361
|
-
deprecated_option :host_key_verify,
|
362
|
-
replacement: :ssh_verify_host_key,
|
363
|
-
boolean: true, long: "--[no-]host-key-verify",
|
364
|
-
value_mapper: Proc.new { |verify| verify ? "always" : "never" }
|
365
|
-
|
366
|
-
deprecated_option :prerelease,
|
367
|
-
replacement: :channel,
|
368
|
-
long: "--prerelease",
|
369
|
-
boolean: true, value_mapper: Proc.new { "current" }
|
370
|
-
|
371
|
-
deprecated_option :ssh_user,
|
372
|
-
replacement: :connection_user,
|
373
|
-
long: "--ssh-user USERNAME"
|
374
|
-
|
375
|
-
deprecated_option :ssh_password,
|
376
|
-
replacement: :connection_password,
|
377
|
-
long: "--ssh-password PASSWORD"
|
378
|
-
|
379
|
-
deprecated_option :ssh_port,
|
380
|
-
replacement: :connection_port,
|
381
|
-
long: "--ssh-port PASSWORD"
|
382
|
-
|
383
|
-
deprecated_option :ssl_peer_fingerprint,
|
384
|
-
replacement: :winrm_ssl_peer_fingerprint,
|
385
|
-
long: "--ssl-peer-fingerprint FINGERPRINT"
|
386
|
-
|
387
|
-
deprecated_option :winrm_user,
|
388
|
-
replacement: :connection_user,
|
389
|
-
long: "--winrm-user USERNAME", short: "-x USERNAME"
|
390
|
-
|
391
|
-
deprecated_option :winrm_password,
|
392
|
-
replacement: :connection_password,
|
393
|
-
long: "--winrm-password PASSWORD"
|
394
|
-
|
395
|
-
deprecated_option :winrm_port,
|
396
|
-
replacement: :connection_port,
|
397
|
-
long: "--winrm-port PORT"
|
398
|
-
|
399
|
-
deprecated_option :winrm_authentication_protocol,
|
400
|
-
replacement: :winrm_auth_method,
|
401
|
-
long: "--winrm-authentication-protocol PROTOCOL"
|
402
|
-
|
403
|
-
deprecated_option :winrm_session_timeout,
|
404
|
-
replacement: :session_timeout,
|
405
|
-
long: "--winrm-session-timeout MINUTES"
|
406
|
-
|
407
|
-
deprecated_option :winrm_ssl_verify_mode,
|
408
|
-
replacement: :winrm_no_verify_cert,
|
409
|
-
long: "--winrm-ssl-verify-mode MODE"
|
410
|
-
|
411
|
-
deprecated_option :winrm_transport, replacement: :winrm_ssl,
|
412
|
-
long: "--winrm-transport TRANSPORT",
|
413
|
-
value_mapper: Proc.new { |value| value == "ssl" }
|
414
|
-
|
415
|
-
attr_reader :connection
|
416
|
-
|
417
|
-
deps do
|
418
|
-
require "erubis" unless defined?(Erubis)
|
419
|
-
|
420
|
-
require "net/ssh" unless defined?(Net::SSH)
|
421
|
-
require_relative "../json_compat"
|
422
|
-
require_relative "../util/path_helper"
|
423
|
-
require_relative "bootstrap/chef_vault_handler"
|
424
|
-
require_relative "bootstrap/client_builder"
|
425
|
-
require_relative "bootstrap/train_connector"
|
426
|
-
end
|
427
|
-
|
428
|
-
banner "knife bootstrap [PROTOCOL://][USER@]FQDN (options)"
|
429
|
-
|
430
|
-
def client_builder
|
431
|
-
@client_builder ||= Chef::Knife::Bootstrap::ClientBuilder.new(
|
432
|
-
chef_config: Chef::Config,
|
433
|
-
config: config,
|
434
|
-
ui: ui
|
435
|
-
)
|
436
|
-
end
|
437
|
-
|
438
|
-
def chef_vault_handler
|
439
|
-
@chef_vault_handler ||= Chef::Knife::Bootstrap::ChefVaultHandler.new(
|
440
|
-
config: config,
|
441
|
-
ui: ui
|
442
|
-
)
|
443
|
-
end
|
444
|
-
|
445
|
-
# Determine if we need to accept the Chef Infra license locally in order to successfully bootstrap
|
446
|
-
# the remote node. Remote 'chef-client' run will fail if it is >= 15 and the license is not accepted locally.
|
447
|
-
def check_license
|
448
|
-
Chef::Log.debug("Checking if we need to accept Chef license to bootstrap node")
|
449
|
-
version = config[:bootstrap_version] || Chef::VERSION.split(".").first
|
450
|
-
acceptor = LicenseAcceptance::Acceptor.new(logger: Chef::Log, provided: Chef::Config[:chef_license])
|
451
|
-
if acceptor.license_required?("chef", version)
|
452
|
-
Chef::Log.debug("License acceptance required for chef version: #{version}")
|
453
|
-
license_id = acceptor.id_from_mixlib("chef")
|
454
|
-
acceptor.check_and_persist(license_id, version)
|
455
|
-
Chef::Config[:chef_license] ||= acceptor.acceptance_value
|
456
|
-
end
|
457
|
-
end
|
458
|
-
|
459
|
-
# The default bootstrap template to use to bootstrap a server.
|
460
|
-
# This is a public API hook which knife plugins use or inherit and override.
|
461
|
-
#
|
462
|
-
# @return [String] Default bootstrap template
|
463
|
-
def default_bootstrap_template
|
464
|
-
if connection.windows?
|
465
|
-
"windows-chef-client-msi"
|
466
|
-
else
|
467
|
-
"chef-full"
|
468
|
-
end
|
469
|
-
end
|
470
|
-
|
471
|
-
def host_descriptor
|
472
|
-
Array(@name_args).first
|
473
|
-
end
|
474
|
-
|
475
|
-
# The server_name is the DNS or IP we are going to connect to, it is not necessarily
|
476
|
-
# the node name, the fqdn, or the hostname of the server. This is a public API hook
|
477
|
-
# which knife plugins use or inherit and override.
|
478
|
-
#
|
479
|
-
# @return [String] The DNS or IP that bootstrap will connect to
|
480
|
-
def server_name
|
481
|
-
if host_descriptor
|
482
|
-
@server_name ||= host_descriptor.split("@").reverse[0]
|
483
|
-
end
|
484
|
-
end
|
485
|
-
|
486
|
-
# @return [String] The CLI specific bootstrap template or the default
|
487
|
-
def bootstrap_template
|
488
|
-
# Allow passing a bootstrap template or use the default
|
489
|
-
config[:bootstrap_template] || default_bootstrap_template
|
490
|
-
end
|
491
|
-
|
492
|
-
def find_template
|
493
|
-
template = bootstrap_template
|
494
|
-
|
495
|
-
# Use the template directly if it's a path to an actual file
|
496
|
-
if File.exist?(template)
|
497
|
-
Chef::Log.trace("Using the specified bootstrap template: #{File.dirname(template)}")
|
498
|
-
return template
|
499
|
-
end
|
500
|
-
|
501
|
-
# Otherwise search the template directories until we find the right one
|
502
|
-
bootstrap_files = []
|
503
|
-
bootstrap_files << File.join(__dir__, "bootstrap/templates", "#{template}.erb")
|
504
|
-
bootstrap_files << File.join(Knife.chef_config_dir, "bootstrap", "#{template}.erb") if Chef::Knife.chef_config_dir
|
505
|
-
Chef::Util::PathHelper.home(".chef", "bootstrap", "#{template}.erb") { |p| bootstrap_files << p }
|
506
|
-
bootstrap_files << Gem.find_files(File.join("chef", "knife", "bootstrap", "#{template}.erb"))
|
507
|
-
bootstrap_files.flatten!
|
508
|
-
|
509
|
-
template_file = Array(bootstrap_files).find do |bootstrap_template|
|
510
|
-
Chef::Log.trace("Looking for bootstrap template in #{File.dirname(bootstrap_template)}")
|
511
|
-
File.exist?(bootstrap_template)
|
512
|
-
end
|
513
|
-
|
514
|
-
unless template_file
|
515
|
-
ui.info("Can not find bootstrap definition for #{template}")
|
516
|
-
raise Errno::ENOENT
|
517
|
-
end
|
518
|
-
|
519
|
-
Chef::Log.trace("Found bootstrap template: #{template_file}")
|
520
|
-
|
521
|
-
template_file
|
522
|
-
end
|
523
|
-
|
524
|
-
def secret
|
525
|
-
@secret ||= encryption_secret_provided_ignore_encrypt_flag? ? read_secret : nil
|
526
|
-
end
|
527
|
-
|
528
|
-
# Establish bootstrap context for template rendering.
|
529
|
-
# Requires connection to be a live connection in order to determine
|
530
|
-
# the correct platform.
|
531
|
-
def bootstrap_context
|
532
|
-
@bootstrap_context ||=
|
533
|
-
if connection.windows?
|
534
|
-
require_relative "core/windows_bootstrap_context"
|
535
|
-
Knife::Core::WindowsBootstrapContext.new(config, config[:run_list], Chef::Config, secret)
|
536
|
-
else
|
537
|
-
require_relative "core/bootstrap_context"
|
538
|
-
Knife::Core::BootstrapContext.new(config, config[:run_list], Chef::Config, secret)
|
539
|
-
end
|
540
|
-
end
|
541
|
-
|
542
|
-
def first_boot_attributes
|
543
|
-
@config[:first_boot_attributes] || @config[:first_boot_attributes_from_file] || {}
|
544
|
-
end
|
545
|
-
|
546
|
-
def render_template
|
547
|
-
@config[:first_boot_attributes] = first_boot_attributes
|
548
|
-
template_file = find_template
|
549
|
-
template = IO.read(template_file).chomp
|
550
|
-
Erubis::Eruby.new(template).evaluate(bootstrap_context)
|
551
|
-
end
|
552
|
-
|
553
|
-
def run
|
554
|
-
check_license if ChefUtils::Dist::Org::ENFORCE_LICENSE
|
555
|
-
|
556
|
-
plugin_setup!
|
557
|
-
validate_name_args!
|
558
|
-
validate_protocol!
|
559
|
-
validate_first_boot_attributes!
|
560
|
-
validate_winrm_transport_opts!
|
561
|
-
validate_policy_options!
|
562
|
-
plugin_validate_options!
|
563
|
-
|
564
|
-
winrm_warn_no_ssl_verification
|
565
|
-
warn_on_short_session_timeout
|
566
|
-
|
567
|
-
plugin_create_instance!
|
568
|
-
$stdout.sync = true
|
569
|
-
connect!
|
570
|
-
register_client
|
571
|
-
|
572
|
-
content = render_template
|
573
|
-
bootstrap_path = upload_bootstrap(content)
|
574
|
-
perform_bootstrap(bootstrap_path)
|
575
|
-
plugin_finalize
|
576
|
-
ensure
|
577
|
-
connection.del_file!(bootstrap_path) if connection && bootstrap_path
|
578
|
-
end
|
579
|
-
|
580
|
-
def register_client
|
581
|
-
# chef-vault integration must use the new client-side hawtness, otherwise to use the
|
582
|
-
# new client-side hawtness, just delete your validation key.
|
583
|
-
if chef_vault_handler.doing_chef_vault? ||
|
584
|
-
(Chef::Config[:validation_key] &&
|
585
|
-
!File.exist?(File.expand_path(Chef::Config[:validation_key])))
|
586
|
-
|
587
|
-
unless config[:chef_node_name]
|
588
|
-
ui.error("You must pass a node name with -N when bootstrapping with user credentials")
|
589
|
-
exit 1
|
590
|
-
end
|
591
|
-
client_builder.run
|
592
|
-
chef_vault_handler.run(client_builder.client)
|
593
|
-
|
594
|
-
bootstrap_context.client_pem = client_builder.client_path
|
595
|
-
else
|
596
|
-
ui.warn "Performing legacy client registration with the validation key at #{Chef::Config[:validation_key]}..."
|
597
|
-
ui.warn "Remove the key file or remove the 'validation_key' configuration option from your config.rb (knife.rb) to use more secure user credentials for client registration."
|
598
|
-
end
|
599
|
-
end
|
600
|
-
|
601
|
-
def perform_bootstrap(remote_bootstrap_script_path)
|
602
|
-
ui.info("Bootstrapping #{ui.color(server_name, :bold)}")
|
603
|
-
cmd = bootstrap_command(remote_bootstrap_script_path)
|
604
|
-
bootstrap_run_command(cmd)
|
605
|
-
end
|
606
|
-
|
607
|
-
# Actual bootstrap command to be run on the node.
|
608
|
-
# Handles recursive calls if su USER failed to authenticate.
|
609
|
-
def bootstrap_run_command(cmd)
|
610
|
-
r = connection.run_command(cmd) do |data, channel|
|
611
|
-
ui.msg("#{ui.color(" [#{connection.hostname}]", :cyan)} #{data}")
|
612
|
-
channel.send_data("#{config[:su_password] || config[:connection_password]}\n") if data.match?("Password:")
|
613
|
-
end
|
614
|
-
|
615
|
-
if r.exit_status != 0
|
616
|
-
ui.error("The following error occurred on #{server_name}:")
|
617
|
-
ui.error("#{r.stdout} #{r.stderr}".strip)
|
618
|
-
exit(r.exit_status)
|
619
|
-
end
|
620
|
-
rescue Train::UserError => e
|
621
|
-
limit ||= 0
|
622
|
-
if e.reason == :bad_su_user_password && limit < 3
|
623
|
-
limit += 1
|
624
|
-
ui.warn("Failed to authenticate su - #{config[:su_user]} to #{server_name}")
|
625
|
-
config[:su_password] = ui.ask("Enter password for su - #{config[:su_user]}@#{server_name}:", echo: false)
|
626
|
-
retry
|
627
|
-
else
|
628
|
-
raise
|
629
|
-
end
|
630
|
-
end
|
631
|
-
|
632
|
-
def connect!
|
633
|
-
ui.info("Connecting to #{ui.color(server_name, :bold)} using #{connection_protocol}")
|
634
|
-
opts ||= connection_opts.dup
|
635
|
-
do_connect(opts)
|
636
|
-
rescue Train::Error => e
|
637
|
-
# We handle these by message text only because train only loads the
|
638
|
-
# transports and protocols that it needs - so the exceptions may not be defined,
|
639
|
-
# and we don't want to require files internal to train.
|
640
|
-
if e.message =~ /fingerprint (\S+) is unknown for "(.+)"/ # Train::Transports::SSHFailed
|
641
|
-
fingerprint = $1
|
642
|
-
hostname, ip = $2.split(",")
|
643
|
-
# TODO: convert the SHA256 base64 value to hex with colons
|
644
|
-
# 'ssh' example output:
|
645
|
-
# RSA key fingerprint is e5:cb:c0:e2:21:3b:12:52:f8:ce:cb:00:24:e2:0c:92.
|
646
|
-
# ECDSA key fingerprint is 5d:67:61:08:a9:d7:01:fd:5e:ae:7e:09:40:ef:c0:3c.
|
647
|
-
# will exit 3 on N
|
648
|
-
ui.confirm <<~EOM
|
649
|
-
The authenticity of host '#{hostname} (#{ip})' can't be established.
|
650
|
-
fingerprint is #{fingerprint}.
|
651
|
-
|
652
|
-
Are you sure you want to continue connecting
|
653
|
-
EOM
|
654
|
-
# FIXME: this should save the key to known_hosts but doesn't appear to be
|
655
|
-
config[:ssh_verify_host_key] = :accept_new
|
656
|
-
conn_opts = connection_opts(reset: true)
|
657
|
-
opts.merge! conn_opts
|
658
|
-
retry
|
659
|
-
elsif (ssh? && e.cause && e.cause.class == Net::SSH::AuthenticationFailed) || (ssh? && e.class == Train::ClientError && e.reason == :no_ssh_password_or_key_available)
|
660
|
-
if connection.password_auth?
|
661
|
-
raise
|
662
|
-
else
|
663
|
-
ui.warn("Failed to authenticate #{opts[:user]} to #{server_name} - trying password auth")
|
664
|
-
password = ui.ask("Enter password for #{opts[:user]}@#{server_name}:", echo: false)
|
665
|
-
end
|
666
|
-
|
667
|
-
opts.merge! force_ssh_password_opts(password)
|
668
|
-
retry
|
669
|
-
else
|
670
|
-
raise
|
671
|
-
end
|
672
|
-
rescue RuntimeError => e
|
673
|
-
if winrm? && e.message == "password is a required option"
|
674
|
-
if connection.password_auth?
|
675
|
-
raise
|
676
|
-
else
|
677
|
-
ui.warn("Failed to authenticate #{opts[:user]} to #{server_name} - trying password auth")
|
678
|
-
password = ui.ask("Enter password for #{opts[:user]}@#{server_name}:", echo: false)
|
679
|
-
end
|
680
|
-
|
681
|
-
opts.merge! force_winrm_password_opts(password)
|
682
|
-
retry
|
683
|
-
else
|
684
|
-
raise
|
685
|
-
end
|
686
|
-
end
|
687
|
-
|
688
|
-
def handle_ssh_error(e); end
|
689
|
-
|
690
|
-
# url values override CLI flags, if you provide both
|
691
|
-
# we'll use the one that you gave in the URL.
|
692
|
-
def connection_protocol
|
693
|
-
return @connection_protocol if @connection_protocol
|
694
|
-
|
695
|
-
from_url = host_descriptor =~ %r{^(.*)://} ? $1 : nil
|
696
|
-
from_knife = config[:connection_protocol]
|
697
|
-
@connection_protocol = from_url || from_knife || "ssh"
|
698
|
-
end
|
699
|
-
|
700
|
-
def do_connect(conn_options)
|
701
|
-
@connection = TrainConnector.new(host_descriptor, connection_protocol, conn_options)
|
702
|
-
connection.connect!
|
703
|
-
rescue Train::UserError => e
|
704
|
-
limit ||= 1
|
705
|
-
if !conn_options.key?(:pty) && e.reason == :sudo_no_tty
|
706
|
-
ui.warn("#{e.message} - trying with pty request")
|
707
|
-
conn_options[:pty] = true # ensure we can talk to systems with requiretty set true in sshd config
|
708
|
-
retry
|
709
|
-
elsif config[:use_sudo_password] && (e.reason == :sudo_password_required || e.reason == :bad_sudo_password) && limit < 3
|
710
|
-
ui.warn("Failed to authenticate #{conn_options[:user]} to #{server_name} - #{e.message} \n sudo: #{limit} incorrect password attempt")
|
711
|
-
sudo_password = ui.ask("Enter sudo password for #{conn_options[:user]}@#{server_name}:", echo: false)
|
712
|
-
limit += 1
|
713
|
-
conn_options[:sudo_password] = sudo_password
|
714
|
-
|
715
|
-
retry
|
716
|
-
else
|
717
|
-
raise
|
718
|
-
end
|
719
|
-
end
|
720
|
-
|
721
|
-
# Fail if both first_boot_attributes and first_boot_attributes_from_file
|
722
|
-
# are set.
|
723
|
-
def validate_first_boot_attributes!
|
724
|
-
if @config[:first_boot_attributes] && @config[:first_boot_attributes_from_file]
|
725
|
-
raise Chef::Exceptions::BootstrapCommandInputError
|
726
|
-
end
|
727
|
-
|
728
|
-
true
|
729
|
-
end
|
730
|
-
|
731
|
-
# FIXME: someone needs to clean this up properly: https://github.com/chef/chef/issues/9645
|
732
|
-
# This code is deliberately left without an abstraction around deprecating the config options to avoid knife plugins from
|
733
|
-
# using those methods (which will need to be deprecated and break them) via inheritance (ruby does not have a true `private`
|
734
|
-
# so the lack of any inheritable implementation is because of that).
|
735
|
-
#
|
736
|
-
def winrm_auth_method
|
737
|
-
config.key?(:winrm_auth_method) ? config[:winrm_auth_method] : config.key?(:winrm_authentications_protocol) ? config[:winrm_authentication_protocol] : "negotiate" # rubocop:disable Style/NestedTernaryOperator
|
738
|
-
end
|
739
|
-
|
740
|
-
def ssh_verify_host_key
|
741
|
-
config.key?(:ssh_verify_host_key) ? config[:ssh_verify_host_key] : config.key?(:host_key_verify) ? config[:host_key_verify] : "always" # rubocop:disable Style/NestedTernaryOperator
|
742
|
-
end
|
743
|
-
|
744
|
-
# Fail if using plaintext auth without ssl because
|
745
|
-
# this can expose keys in plaintext on the wire.
|
746
|
-
# TODO test for this method
|
747
|
-
# TODO check that the protocol is valid.
|
748
|
-
def validate_winrm_transport_opts!
|
749
|
-
return true unless winrm?
|
750
|
-
|
751
|
-
if Chef::Config[:validation_key] && !File.exist?(File.expand_path(Chef::Config[:validation_key]))
|
752
|
-
if winrm_auth_method == "plaintext" &&
|
753
|
-
config[:winrm_ssl] != true
|
754
|
-
ui.error <<~EOM
|
755
|
-
Validatorless bootstrap over unsecure winrm channels could expose your
|
756
|
-
key to network sniffing.
|
757
|
-
Please use a 'winrm_auth_method' other than 'plaintext',
|
758
|
-
or enable ssl on #{server_name} then use the ---winrm-ssl flag
|
759
|
-
to connect.
|
760
|
-
EOM
|
761
|
-
|
762
|
-
exit 1
|
763
|
-
end
|
764
|
-
end
|
765
|
-
true
|
766
|
-
end
|
767
|
-
|
768
|
-
# fail if the server_name is nil
|
769
|
-
def validate_name_args!
|
770
|
-
if server_name.nil?
|
771
|
-
ui.error("Must pass an FQDN or ip to bootstrap")
|
772
|
-
exit 1
|
773
|
-
end
|
774
|
-
end
|
775
|
-
|
776
|
-
# Ensure options are valid by checking policyfile values.
|
777
|
-
#
|
778
|
-
# The method call will cause the program to exit(1) if:
|
779
|
-
# * Only one of --policy-name and --policy-group is specified
|
780
|
-
# * Policyfile options are set and --run-list is set as well
|
781
|
-
#
|
782
|
-
# @return [TrueClass] If options are valid.
|
783
|
-
def validate_policy_options!
|
784
|
-
if incomplete_policyfile_options?
|
785
|
-
ui.error("--policy-name and --policy-group must be specified together")
|
786
|
-
exit 1
|
787
|
-
elsif policyfile_and_run_list_given?
|
788
|
-
ui.error("Policyfile options and --run-list are exclusive")
|
789
|
-
exit 1
|
790
|
-
end
|
791
|
-
end
|
792
|
-
|
793
|
-
# Ensure a valid protocol is provided for target host connection
|
794
|
-
#
|
795
|
-
# The method call will cause the program to exit(1) if:
|
796
|
-
# * Conflicting protocols are given via the target URI and the --protocol option
|
797
|
-
# * The protocol is not a supported protocol
|
798
|
-
#
|
799
|
-
# @return [TrueClass] If options are valid.
|
800
|
-
def validate_protocol!
|
801
|
-
from_cli = config[:connection_protocol]
|
802
|
-
if from_cli && connection_protocol != from_cli
|
803
|
-
# Hanging indent to align with the ERROR: prefix
|
804
|
-
ui.error <<~EOM
|
805
|
-
The URL '#{host_descriptor}' indicates protocol is '#{connection_protocol}'
|
806
|
-
while the --protocol flag specifies '#{from_cli}'. Please include
|
807
|
-
only one or the other.
|
808
|
-
EOM
|
809
|
-
exit 1
|
810
|
-
end
|
811
|
-
|
812
|
-
unless SUPPORTED_CONNECTION_PROTOCOLS.include?(connection_protocol)
|
813
|
-
ui.error <<~EOM
|
814
|
-
Unsupported protocol '#{connection_protocol}'.
|
815
|
-
|
816
|
-
Supported protocols are: #{SUPPORTED_CONNECTION_PROTOCOLS.join(" ")}
|
817
|
-
EOM
|
818
|
-
exit 1
|
819
|
-
end
|
820
|
-
true
|
821
|
-
end
|
822
|
-
|
823
|
-
# Validate any additional options
|
824
|
-
#
|
825
|
-
# Plugins that subclass bootstrap, e.g. knife-ec2, can use this method to validate any additional options before any other actions are executed
|
826
|
-
#
|
827
|
-
# @return [TrueClass] If options are valid or exits
|
828
|
-
def plugin_validate_options!
|
829
|
-
true
|
830
|
-
end
|
831
|
-
|
832
|
-
# Create the server that we will bootstrap, if necessary
|
833
|
-
#
|
834
|
-
# Plugins that subclass bootstrap, e.g. knife-ec2, can use this method to call out to an API to build an instance of the server we wish to bootstrap
|
835
|
-
#
|
836
|
-
# @return [TrueClass] If instance successfully created, or exits
|
837
|
-
def plugin_create_instance!
|
838
|
-
true
|
839
|
-
end
|
840
|
-
|
841
|
-
# Perform any setup necessary by the plugin
|
842
|
-
#
|
843
|
-
# Plugins that subclass bootstrap, e.g. knife-ec2, can use this method to create connection objects
|
844
|
-
#
|
845
|
-
# @return [TrueClass] If instance successfully created, or exits
|
846
|
-
def plugin_setup!; end
|
847
|
-
|
848
|
-
# Perform any teardown or cleanup necessary by the plugin
|
849
|
-
#
|
850
|
-
# Plugins that subclass bootstrap, e.g. knife-ec2, can use this method to display a message or perform any cleanup
|
851
|
-
#
|
852
|
-
# @return [void]
|
853
|
-
def plugin_finalize; end
|
854
|
-
|
855
|
-
# If session_timeout is too short, it is likely
|
856
|
-
# a holdover from "--winrm-session-timeout" which used
|
857
|
-
# minutes as its unit, instead of seconds.
|
858
|
-
# Warn the human so that they are not surprised.
|
859
|
-
#
|
860
|
-
def warn_on_short_session_timeout
|
861
|
-
if session_timeout && session_timeout <= 15
|
862
|
-
ui.warn <<~EOM
|
863
|
-
You provided '--session-timeout #{session_timeout}' second(s).
|
864
|
-
Did you mean '--session-timeout #{session_timeout * 60}' seconds?
|
865
|
-
EOM
|
866
|
-
end
|
867
|
-
end
|
868
|
-
|
869
|
-
def winrm_warn_no_ssl_verification
|
870
|
-
return unless winrm?
|
871
|
-
|
872
|
-
# REVIEWER NOTE
|
873
|
-
# The original check from knife plugin did not include winrm_ssl_peer_fingerprint
|
874
|
-
# Reference:
|
875
|
-
# https://github.com/chef/knife-windows/blob/92d151298142be4a4750c5b54bb264f8d5b81b8a/lib/chef/knife/winrm_knife_base.rb#L271-L273
|
876
|
-
# TODO Seems like we should also do a similar warning if ssh_verify_host == false
|
877
|
-
if config[:ca_trust_file].nil? &&
|
878
|
-
config[:winrm_no_verify_cert] &&
|
879
|
-
config[:winrm_ssl_peer_fingerprint].nil?
|
880
|
-
ui.warn <<~WARN
|
881
|
-
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
|
882
|
-
SSL validation of HTTPS requests for the WinRM transport is disabled.
|
883
|
-
HTTPS WinRM connections are still encrypted, but knife is not able
|
884
|
-
to detect forged replies or spoofing attacks.
|
885
|
-
|
886
|
-
To work around this issue you can use the flag `--winrm-no-verify-cert`
|
887
|
-
or add an entry like this to your knife configuration file:
|
888
|
-
|
889
|
-
# Verify all WinRM HTTPS connections
|
890
|
-
knife[:winrm_no_verify_cert] = true
|
891
|
-
|
892
|
-
You can also specify a ca_trust_file via --ca-trust-file,
|
893
|
-
or the expected fingerprint of the target host's certificate
|
894
|
-
via --winrm-ssl-peer-fingerprint.
|
895
|
-
WARN
|
896
|
-
end
|
897
|
-
end
|
898
|
-
|
899
|
-
# @return a configuration hash suitable for connecting to the remote
|
900
|
-
# host via train
|
901
|
-
def connection_opts(reset: false)
|
902
|
-
return @connection_opts unless @connection_opts.nil? || reset == true
|
903
|
-
|
904
|
-
@connection_opts = {}
|
905
|
-
@connection_opts.merge! base_opts
|
906
|
-
@connection_opts.merge! host_verify_opts
|
907
|
-
@connection_opts.merge! gateway_opts
|
908
|
-
@connection_opts.merge! sudo_opts
|
909
|
-
@connection_opts.merge! winrm_opts
|
910
|
-
@connection_opts.merge! ssh_opts
|
911
|
-
@connection_opts.merge! ssh_identity_opts
|
912
|
-
@connection_opts
|
913
|
-
end
|
914
|
-
|
915
|
-
def winrm?
|
916
|
-
connection_protocol == "winrm"
|
917
|
-
end
|
918
|
-
|
919
|
-
def ssh?
|
920
|
-
connection_protocol == "ssh"
|
921
|
-
end
|
922
|
-
|
923
|
-
# Common configuration for all protocols
|
924
|
-
def base_opts
|
925
|
-
port = config_for_protocol(:port)
|
926
|
-
user = config_for_protocol(:user)
|
927
|
-
{}.tap do |opts|
|
928
|
-
opts[:logger] = Chef::Log
|
929
|
-
opts[:password] = config[:connection_password] if config.key?(:connection_password)
|
930
|
-
opts[:user] = user if user
|
931
|
-
opts[:max_wait_until_ready] = config[:max_wait].to_f unless config[:max_wait].nil?
|
932
|
-
# TODO - when would we need to provide rdp_port vs port? Or are they not mutually exclusive?
|
933
|
-
opts[:port] = port if port
|
934
|
-
end
|
935
|
-
end
|
936
|
-
|
937
|
-
def host_verify_opts
|
938
|
-
if winrm?
|
939
|
-
{ self_signed: config[:winrm_no_verify_cert] === true }
|
940
|
-
elsif ssh?
|
941
|
-
# Fall back to the old knife config key name for back compat.
|
942
|
-
{ verify_host_key: ssh_verify_host_key }
|
943
|
-
else
|
944
|
-
{}
|
945
|
-
end
|
946
|
-
end
|
947
|
-
|
948
|
-
def ssh_opts
|
949
|
-
opts = {}
|
950
|
-
return opts if winrm?
|
951
|
-
|
952
|
-
opts[:non_interactive] = true # Prevent password prompts from underlying net/ssh
|
953
|
-
opts[:forward_agent] = (config[:ssh_forward_agent] === true)
|
954
|
-
opts[:connection_timeout] = session_timeout
|
955
|
-
opts
|
956
|
-
end
|
957
|
-
|
958
|
-
def ssh_identity_opts
|
959
|
-
opts = {}
|
960
|
-
return opts if winrm?
|
961
|
-
|
962
|
-
identity_file = config[:ssh_identity_file]
|
963
|
-
if identity_file
|
964
|
-
opts[:key_files] = [identity_file]
|
965
|
-
# We only set keys_only based on the explicit ssh_identity_file;
|
966
|
-
# someone may use a gateway key and still expect password auth
|
967
|
-
# on the target. Similarly, someone may have a default key specified
|
968
|
-
# in knife config, but have provided a password on the CLI.
|
969
|
-
|
970
|
-
# REVIEW NOTE: this is a new behavior. Originally, ssh_identity_file
|
971
|
-
# could only be populated from CLI options, so there was no need to check
|
972
|
-
# for this. We will also set keys_only to false only if there are keys
|
973
|
-
# and no password.
|
974
|
-
# If both are present, train(via net/ssh) will prefer keys, falling back to password.
|
975
|
-
# Reference: https://github.com/chef/chef/blob/master/lib/chef/knife/ssh.rb#L272
|
976
|
-
opts[:keys_only] = config.key?(:connection_password) == false
|
977
|
-
else
|
978
|
-
opts[:key_files] = []
|
979
|
-
opts[:keys_only] = false
|
980
|
-
end
|
981
|
-
|
982
|
-
gateway_identity_file = config[:ssh_gateway] ? config[:ssh_gateway_identity] : nil
|
983
|
-
unless gateway_identity_file.nil?
|
984
|
-
opts[:key_files] << gateway_identity_file
|
985
|
-
end
|
986
|
-
|
987
|
-
opts
|
988
|
-
end
|
989
|
-
|
990
|
-
def gateway_opts
|
991
|
-
opts = {}
|
992
|
-
if config[:ssh_gateway]
|
993
|
-
split = config[:ssh_gateway].split("@", 2)
|
994
|
-
if split.length == 1
|
995
|
-
gw_host = split[0]
|
996
|
-
else
|
997
|
-
gw_user = split[0]
|
998
|
-
gw_host = split[1]
|
999
|
-
end
|
1000
|
-
gw_host, gw_port = gw_host.split(":", 2)
|
1001
|
-
# TODO - validate convertible port in config validation?
|
1002
|
-
gw_port = Integer(gw_port) rescue nil
|
1003
|
-
opts[:bastion_host] = gw_host
|
1004
|
-
opts[:bastion_user] = gw_user
|
1005
|
-
opts[:bastion_port] = gw_port
|
1006
|
-
end
|
1007
|
-
opts
|
1008
|
-
end
|
1009
|
-
|
1010
|
-
# use_sudo - tells bootstrap to use the sudo command to run bootstrap
|
1011
|
-
# use_sudo_password - tells bootstrap to use the sudo command to run bootstrap
|
1012
|
-
# and to use the password specified with --password
|
1013
|
-
# TODO: I'd like to make our sudo options sane:
|
1014
|
-
# --sudo (bool) - use sudo
|
1015
|
-
# --sudo-password PASSWORD (default: :password) - use this password for sudo
|
1016
|
-
# --sudo-options "opt,opt,opt" to pass into sudo
|
1017
|
-
# --sudo-command COMMAND sudo command other than sudo
|
1018
|
-
# REVIEW NOTE: knife bootstrap did not pull sudo values from Chef::Config,
|
1019
|
-
# should we change that for consistency?
|
1020
|
-
def sudo_opts
|
1021
|
-
return {} if winrm?
|
1022
|
-
|
1023
|
-
opts = { sudo: false }
|
1024
|
-
if config[:use_sudo]
|
1025
|
-
opts[:sudo] = true
|
1026
|
-
if config[:use_sudo_password]
|
1027
|
-
opts[:sudo_password] = config[:connection_password]
|
1028
|
-
end
|
1029
|
-
if config[:preserve_home]
|
1030
|
-
opts[:sudo_options] = "-H"
|
1031
|
-
end
|
1032
|
-
end
|
1033
|
-
opts
|
1034
|
-
end
|
1035
|
-
|
1036
|
-
def winrm_opts
|
1037
|
-
return {} unless winrm?
|
1038
|
-
|
1039
|
-
opts = {
|
1040
|
-
winrm_transport: winrm_auth_method, # winrm gem and train calls auth method 'transport'
|
1041
|
-
winrm_basic_auth_only: config[:winrm_basic_auth_only] || false,
|
1042
|
-
ssl: config[:winrm_ssl] === true,
|
1043
|
-
ssl_peer_fingerprint: config[:winrm_ssl_peer_fingerprint],
|
1044
|
-
}
|
1045
|
-
|
1046
|
-
if winrm_auth_method == "kerberos"
|
1047
|
-
opts[:kerberos_service] = config[:kerberos_service] if config[:kerberos_service]
|
1048
|
-
opts[:kerberos_realm] = config[:kerberos_realm] if config[:kerberos_service]
|
1049
|
-
end
|
1050
|
-
|
1051
|
-
if config[:ca_trust_file]
|
1052
|
-
opts[:ca_trust_path] = config[:ca_trust_file]
|
1053
|
-
end
|
1054
|
-
|
1055
|
-
opts[:operation_timeout] = session_timeout
|
1056
|
-
|
1057
|
-
opts
|
1058
|
-
end
|
1059
|
-
|
1060
|
-
# Config overrides to force password auth.
|
1061
|
-
def force_ssh_password_opts(password)
|
1062
|
-
{
|
1063
|
-
password: password,
|
1064
|
-
non_interactive: false,
|
1065
|
-
keys_only: false,
|
1066
|
-
key_files: [],
|
1067
|
-
auth_methods: %i{password keyboard_interactive},
|
1068
|
-
}
|
1069
|
-
end
|
1070
|
-
|
1071
|
-
def force_winrm_password_opts(password)
|
1072
|
-
{
|
1073
|
-
password: password,
|
1074
|
-
}
|
1075
|
-
end
|
1076
|
-
|
1077
|
-
# This is for deprecating config options. The fallback_key can be used
|
1078
|
-
# to pull an old knife config option out of the config file when the
|
1079
|
-
# cli value has been renamed. This is different from the deprecated
|
1080
|
-
# cli values, since these are for config options that have no corresponding
|
1081
|
-
# cli value.
|
1082
|
-
#
|
1083
|
-
# DO NOT USE - this whole API is considered deprecated
|
1084
|
-
#
|
1085
|
-
# @api deprecated
|
1086
|
-
#
|
1087
|
-
def config_value(key, fallback_key = nil, default = nil)
|
1088
|
-
Chef.deprecated(:knife_bootstrap_apis, "Use of config_value is deprecated. Knife plugin authors should access the config hash directly, which does correct merging of cli and config options.")
|
1089
|
-
if config.key?(key)
|
1090
|
-
# the first key is the primary key so we check the merged hash first
|
1091
|
-
config[key]
|
1092
|
-
elsif config.key?(fallback_key)
|
1093
|
-
# we get the old config option here (the deprecated cli option shouldn't exist)
|
1094
|
-
config[fallback_key]
|
1095
|
-
else
|
1096
|
-
default
|
1097
|
-
end
|
1098
|
-
end
|
1099
|
-
|
1100
|
-
def upload_bootstrap(content)
|
1101
|
-
script_name = connection.windows? ? "bootstrap.bat" : "bootstrap.sh"
|
1102
|
-
remote_path = connection.normalize_path(File.join(connection.temp_dir, script_name))
|
1103
|
-
connection.upload_file_content!(content, remote_path)
|
1104
|
-
remote_path
|
1105
|
-
end
|
1106
|
-
|
1107
|
-
# build the command string for bootstrapping
|
1108
|
-
# @return String
|
1109
|
-
def bootstrap_command(remote_path)
|
1110
|
-
if connection.windows?
|
1111
|
-
"cmd.exe /C #{remote_path}"
|
1112
|
-
else
|
1113
|
-
cmd = "sh #{remote_path}"
|
1114
|
-
|
1115
|
-
if config[:su_user]
|
1116
|
-
# su - USER is subject to required an interactive console
|
1117
|
-
# Otherwise, it will raise: su: must be run from a terminal
|
1118
|
-
set_transport_options(pty: true)
|
1119
|
-
cmd = "su - #{config[:su_user]} -c '#{cmd}'"
|
1120
|
-
cmd = "sudo " << cmd if config[:use_sudo]
|
1121
|
-
end
|
1122
|
-
|
1123
|
-
cmd
|
1124
|
-
end
|
1125
|
-
end
|
1126
|
-
|
1127
|
-
private
|
1128
|
-
|
1129
|
-
# To avoid cluttering the CLI options, some flags (such as port and user)
|
1130
|
-
# are shared between protocols. However, there is still a need to allow the operator
|
1131
|
-
# to specify defaults separately, since they may not be the same values for different
|
1132
|
-
# protocols.
|
1133
|
-
|
1134
|
-
# These keys are available in Chef::Config, and are prefixed with the protocol name.
|
1135
|
-
# For example, :user CLI option will map to :winrm_user and :ssh_user Chef::Config keys,
|
1136
|
-
# based on the connection protocol in use.
|
1137
|
-
|
1138
|
-
# @api private
|
1139
|
-
def config_for_protocol(option)
|
1140
|
-
if option == :port
|
1141
|
-
config[:connection_port] || config[knife_key_for_protocol(option)]
|
1142
|
-
else
|
1143
|
-
config[:connection_user] || config[knife_key_for_protocol(option)]
|
1144
|
-
end
|
1145
|
-
end
|
1146
|
-
|
1147
|
-
# @api private
|
1148
|
-
def knife_key_for_protocol(option)
|
1149
|
-
"#{connection_protocol}_#{option}".to_sym
|
1150
|
-
end
|
1151
|
-
|
1152
|
-
# True if policy_name and run_list are both given
|
1153
|
-
def policyfile_and_run_list_given?
|
1154
|
-
run_list_given? && policyfile_options_given?
|
1155
|
-
end
|
1156
|
-
|
1157
|
-
def run_list_given?
|
1158
|
-
!config[:run_list].nil? && !config[:run_list].empty?
|
1159
|
-
end
|
1160
|
-
|
1161
|
-
def policyfile_options_given?
|
1162
|
-
!!config[:policy_name]
|
1163
|
-
end
|
1164
|
-
|
1165
|
-
# True if one of policy_name or policy_group was given, but not both
|
1166
|
-
def incomplete_policyfile_options?
|
1167
|
-
(!!config[:policy_name] ^ config[:policy_group])
|
1168
|
-
end
|
1169
|
-
|
1170
|
-
# session_timeout option has a default that may not arrive, particularly if
|
1171
|
-
# we're being invoked from a plugin that doesn't merge_config.
|
1172
|
-
def session_timeout
|
1173
|
-
timeout = config[:session_timeout]
|
1174
|
-
return options[:session_timeout][:default] if timeout.nil?
|
1175
|
-
|
1176
|
-
timeout.to_i
|
1177
|
-
end
|
1178
|
-
|
1179
|
-
# Train::Transports::SSH::Connection#transport_options
|
1180
|
-
# Append the options to connection transport_options
|
1181
|
-
#
|
1182
|
-
# @param opts [Hash] the opts to be added to connection transport_options.
|
1183
|
-
# @return [Hash] transport_options if the opts contains any option to be set.
|
1184
|
-
#
|
1185
|
-
def set_transport_options(opts)
|
1186
|
-
return unless opts.is_a?(Hash) || !opts.empty?
|
1187
|
-
|
1188
|
-
connection&.connection&.transport_options&.merge! opts
|
1189
|
-
end
|
1190
|
-
end
|
1191
|
-
end
|
1192
|
-
end
|