knife-azure 1.4.0 → 1.5.1.rc.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: aeb4af6456dab8beda263cd3a927595e735cfbd4
-  data.tar.gz: 349ffcf70307d3d17bd0ffca1a3ad029958e2724
+  metadata.gz: 835e340ce2d007e4dff24796002efd27cd9fdef0
+  data.tar.gz: f92a818b349d34acd9bf82101ab0731581aff5b1
 SHA512:
-  metadata.gz: 9b62f3daf13b8ef4c5f4739dc9c8c6b55ddbc945136d8510fc77052aee7b507deedfbf1f62c5cb43df9bcf388c3682e06ba3abff7dbab179bc5cf315b99ed088
-  data.tar.gz: fca727f21aed58488616199af049a85564bb4b11a7794c3e5c2895e4ecc9cfbe9768f2be71d1d72f66d7d1cd65e9117247a0e666e5d77e930ffb2a8e25ce9c28
+  metadata.gz: 75c4aa892fd004fbad3afc464521414aa9f6486f382e9f29312b42302429161886562e04c7ae90a1969b04b46e943db0b969cc6296d020a1d821ed4747a96e9a
+  data.tar.gz: 59dbf6fbd46fd562597ba6b6c947b20a146b5f15dc111cb1abbe8fc8e88e85d75c4b688e94e5153b8b08ec63e8f3c260098e0fa4d3c4a29a19aab99c9fe59c1b

data/README.md

@@ -15,7 +15,7 @@ via:
 This plugin is distributed as a Ruby Gem. To install it, run:
 
     gem install knife-azure
-    
+
 Depending on your system's configuration, you may need to run this command
 with root/administrator privileges.
 
@@ -28,7 +28,7 @@ local file system location, and
 then refer to the local file via an entry in your knife.rb:
 
     knife[:azure_publish_settings_file] = "~/myazure.publishsettings"
-    
+
 Alternatively, all subcommands for this plugin will accept an
 --azure-publish-settings-file option to allow you to specify the path to that
 file with each command invocation.
@@ -43,7 +43,7 @@ location in your knife.rb:
 
       # List images for use in creating new VM's:
       $ knife azure image list
-        
+
       # List all VM's (including those not be managed by Chef)
       $ knife azure server list
 
@@ -55,7 +55,7 @@ location in your knife.rb:
 
       # Create and bootstrap an Windows VM through the Azure API --
       # No winrm or ssh transport or Internet access required
-      $ knife azure server create --azure-dns-name MyNewServerName --azure-vm-size Medium -I a699494373c04fc0bc8f2bb1389d6106__Windows-Server-2012-R2-201412.01-en.us-127GB.vhd --azure-service-location 'West US' --winrm-user myuser --winrm-password 'mypassword' --bootstrap-protocol winrm --bootstrap-protocol cloud-api
+      $ knife azure server create --azure-dns-name MyNewServerName --azure-vm-size Medium -I a699494373c04fc0bc8f2bb1389d6106__Windows-Server-2012-R2-201412.01-en.us-127GB.vhd --azure-service-location 'West US' --winrm-user myuser --winrm-password 'mypassword' --bootstrap-protocol cloud-api
 
       # Delete a server and purge it from the Chef server
       $ knife azure server delete MyNewNode --purge -y
@@ -200,16 +200,32 @@ These options may also be configured from knife.rb, as in this example:
     :kerberos_service             The Kerberos service used for authentication
     :ca_trust_file                The Certificate Authority (CA) trust file used for SSL transport
 
+#### Options to configure WinRM for Bootstrapping a Windows Node
+Theses options are useful if you have long-running run-lists and if the chef run might use a lot of memory. In most cases people don't need to set these, but if they see certain timeout or memory related errors during bootstrap, particularly on Win2k8r2, it may make sense to move these beyond the default.
+
+    :winrm_max_timeout           Set winrm max timeout in minutes
+    :winrm_max_memoryPerShell    Set winrm max memory per shell in MB
+
+    Command:
+    knife azure server create
+            --azure-dns-name 'myserver'
+            --azure-source-image 'windows-2012-image-id'
+            --azure-service-location 'West US'
+            --winrm-user azure
+            --winrm-password 'azure@123'
+            --winrm-max-timeout 30
+            --winrm-max-memoryPerShell 400
+
 #### Azure Windows Node Create
 The quick create option requires the following options for a windows instance:
-    
+
     knife azure server create
                 --azure-publish-settings-file '/path/to/your/cert.publishsettingsfile'
                 --azure-dns-name 'myserverdnsname'
                 --azure-service-location 'West US'
                 --azure-source-image 'windows-2012-image-id'
                 --winrm-user 'jetstream'
-                --winrm-password 'jetstream@123'                
+                --winrm-password 'jetstream@123'
                 --distro 'windows-chef-client-msi'
 
 Sample knife.rb for bootstrapping Windows Node with basic authentication
@@ -221,6 +237,24 @@ Sample knife.rb for bootstrapping Windows Node with basic authentication
     knife[:distro] = 'windows-chef-client-msi'
     knife[:azure_source_image]='windows-2012-image-id'
 
+#### `cloud-api` bootstrap feature
+By specifying the value `cloud-api` for the `bootstrap_protocol` option of `knife azure server create` instead of `winrm` or `ssh`, Microsoft Azure will install Chef Client using its own internal mirror of Chef Client (it does not download it from Chef's Internet facing URL's as in the conventional winrm / ssh bootstrap). The process as a whole is asynchronous, so once the `knife azure server create` command has create the VM, full provisioning and Chef bootstrap will continue to occur even if the `knife` command is terminated before it completes.
+
+In general, systems bootstrapped via `cloud-api` do not require incoming or outgoing Internet access.
+
+    knife azure server create
+                --azure-publish-settings-file '/path/to/your/cert.publishsettingsfile'
+                --azure-dns-name 'myserverdnsname'
+                --azure-service-location 'West US'
+                --azure-source-image 'windows-2012-image-id'
+                --winrm-user 'jetstream'
+                --winrm-password 'jetstream@123'
+                --bootstrap-protocol 'cloud-api'
+                --delete-chef-extension-config
+
+`--delete-chef-extension-config` determines if Chef configuration files should be removed when Azure removes the Chef resource extension from the VM or not. This option is only valid for the 'cloud-api' bootstrap protocol. The default value is false. This is useful when `update` and `uninstall` commands are run for the extension on the VM created.
+
+
 ### Azure Server Delete Subcommand
 Deletes an existing server in the currently configured Azure account. By
 default, this does not delete the associated node and client objects from the

data/lib/azure/role.rb

@@ -172,7 +172,7 @@ class Azure
   class Role
     include AzureUtility
     attr_accessor :connection, :name, :status, :size, :ipaddress, :publicipaddress
-    attr_accessor :sshport, :hostedservicename, :deployname
+    attr_accessor :sshport, :hostedservicename, :deployname, :thumbprint
     attr_accessor :winrmport
     attr_accessor :hostname, :tcpports, :udpports
 
@@ -187,6 +187,7 @@ class Azure
       @hostname = xml_content(roleXML, 'HostName')
       @hostedservicename = hostedservicename
       @deployname = deployname
+      @thumbprint = fetch_thumbprint
       @tcpports = Array.new
       @udpports = Array.new
 
@@ -211,6 +212,12 @@ class Azure
         end
       end
     end
+
+    def fetch_thumbprint
+      query_result = connection.query_azure("hostedservices/#{@hostedservicename}/deployments/#{@hostedservicename}/roles/#{@name}")
+      query_result.at_css("DefaultWinRmCertificateThumbprint").nil? ? '' : query_result.at_css("DefaultWinRmCertificateThumbprint").text
+    end
+
     def setup(params)
       builder = Nokogiri::XML::Builder.new do |xml|
         xml.PersistentVMRole(
@@ -276,6 +283,62 @@ class Azure
                     }
                   end
                 xml.AdminUsername params[:winrm_user]
+                if params[:bootstrap_proto].downcase == 'winrm' && (params[:winrm_max_timeout] || params[:winrm_max_memoryPerShell])
+                  xml.AdditionalUnattendContent {
+                    xml.Passes {
+                      xml.UnattendPass {
+                        xml.PassName 'oobeSystem'
+                        xml.Components {
+                          xml.UnattendComponent {
+                            xml.ComponentName 'Microsoft-Windows-Shell-Setup'
+                            xml.ComponentSettings {
+                              xml.ComponentSetting {
+                                xml.SettingName 'AutoLogon'
+                                xml.Content Base64.encode64(
+                                  Nokogiri::XML::Builder.new do |auto_logon_xml|
+                                    auto_logon_xml.AutoLogon {
+                                      auto_logon_xml.Username params[:winrm_user]
+                                      auto_logon_xml.Password {
+                                        auto_logon_xml.Value params[:admin_password]
+                                        auto_logon_xml.PlainText true
+                                      }
+                                      auto_logon_xml.LogonCount 1
+                                      auto_logon_xml.Enabled true
+                                    }
+                                  end.to_xml(save_with: Nokogiri::XML::Node::SaveOptions::NO_DECLARATION)
+                                ).strip
+                              }
+                              xml.ComponentSetting {
+                                xml.SettingName 'FirstLogonCommands'
+                                xml.Content Base64.encode64(
+                                  Nokogiri::XML::Builder.new do |first_logon_xml|
+                                    first_logon_xml.FirstLogonCommands {
+                                      if params[:winrm_max_timeout]
+                                        first_logon_xml.SynchronousCommand('wcm:action' => 'add') {
+                                          first_logon_xml.Order 1
+                                          first_logon_xml.CommandLine "cmd.exe /c winrm set winrm/config @{MaxTimeoutms=\"#{params[:winrm_max_timeout]}\"}"
+                                          first_logon_xml.Description "Bump WinRM max timeout to #{params[:winrm_max_timeout]} milliseconds"
+                                        }
+                                      end
+
+                                      if params[:winrm_max_memoryPerShell]
+                                        first_logon_xml.SynchronousCommand('wcm:action' => 'add') {
+                                          first_logon_xml.Order 2
+                                          first_logon_xml.CommandLine "cmd.exe /c winrm set winrm/config/winrs @{MaxMemoryPerShellMB=\"#{params[:winrm_max_memoryPerShell]}\"}"
+                                          first_logon_xml.Description "Bump WinRM max memory per shell to #{params[:winrm_max_memoryPerShell]} MB"
+                                        }
+                                      end
+                                    }
+                                  end.to_xml(save_with: Nokogiri::XML::Node::SaveOptions::NO_DECLARATION)
+                                ).strip
+                              }
+                            }
+                          }
+                        }
+                      }
+                    }
+                  }
+                end
               }
             end
 
@@ -283,14 +346,18 @@ class Azure
               xml.ConfigurationSetType 'NetworkConfiguration'
               xml.InputEndpoints {
 
-                if params[:os_type] == 'Windows' and (params[:bootstrap_proto].downcase == 'winrm' or params[:bootstrap_proto].downcase == 'cloud-api')
+                if params[:os_type] == 'Windows' and params[:bootstrap_proto].downcase == 'winrm'
                   xml.InputEndpoint {
-                  xml.LocalPort '5985'
+                  if params[:winrm_transport] == "ssl"
+                    xml.LocalPort '5986'
+                  else
+                    xml.LocalPort '5985'
+                  end
                   xml.Name 'WinRM'
                   xml.Port params[:port]
                   xml.Protocol 'TCP'
                 }
-                else
+                elsif params[:os_type] == 'Linux' and params[:bootstrap_proto].downcase == 'ssh'
                   xml.InputEndpoint {
                   xml.LocalPort '22'
                   xml.Name 'SSH'
@@ -344,9 +411,6 @@ class Azure
             }
           }
 
-          if params[:azure_availability_set]
-            xml.AvailabilitySetName params[:azure_availability_set]
-          end
           # Azure resource extension support
           if params[:bootstrap_proto] == 'cloud-api'
             xml.ResourceExtensionReferences {
@@ -376,6 +440,10 @@ class Azure
             }
           end
 
+          if params[:azure_availability_set]
+            xml.AvailabilitySetName params[:azure_availability_set]
+          end
+
           xml.Label Base64.encode64(params[:azure_vm_name]).strip
 
           #OSVirtualHardDisk not required in case azure_source_image is a VMImage

data/lib/chef/knife/azure_server_create.rb

@@ -40,7 +40,6 @@ class Chef
 
       def load_winrm_deps
         require 'winrm'
-        require 'em-winrm'
         require 'chef/knife/winrm'
         require 'chef/knife/bootstrap_windows_winrm'
       end
@@ -198,7 +197,7 @@ class Chef
       option :azure_vm_ready_timeout,
         :long => "--azure-vm-ready-timeout TIMEOUT",
         :description => "The number of minutes that knife-azure will wait for the virtual machine state to transition from 'provisioning' to 'ready'. Default is 15.",
-        :default => 15 
+        :default => 15
 
       option :auth_timeout,
         :long => "--windows-auth-timeout MINUTES",
@@ -246,6 +245,22 @@ class Chef
       :default => false,
       :description => "Set this flag to enable auto chef client update in azure chef extension. This flag should be used with cloud-api bootstrap protocol only"
 
+      option :winrm_max_timeout,
+        :long => "--winrm-max-timeout MINUTES",
+        :description => "Set winrm max timeout in minutes"
+
+      option :winrm_max_memoryPerShell,
+        :long => "--winrm-max-memoryPerShell MB",
+        :description => "Set winrm max memory per shell in MB"
+
+
+      option :delete_chef_extension_config,
+        :long => "--delete-chef-extension-config",
+        :boolean => true,
+        :default => false,
+        :description => "Determines whether Chef configuration files removed when Azure removes the Chef resource extension from the VM. This option is only valid for the 'cloud-api' bootstrap protocol. The default is false."
+
+
       def strip_non_ascii(string)
         string.gsub(/[^0-9a-z ]/i, '')
       end
@@ -479,6 +494,12 @@ class Chef
         Chef::Log.info("validating...")
         validate!
 
+        if (locate_config_value(:auto_update_client) ||  locate_config_value(:delete_chef_extension_config))  &&  (locate_config_value(:bootstrap_protocol) != 'cloud-api')
+          ui.error("--auto-update-client option works with --bootstrap-protocol cloud-api") if locate_config_value(:auto_update_client)
+          ui.error("--delete-chef-extension-config option works with --bootstrap-protocol cloud-api") if locate_config_value(:delete_chef_extension_config)
+          exit 1
+        end
+
         ssh_override_winrm if %w(ssh cloud-api).include?(locate_config_value(:bootstrap_protocol)) and !is_image_windows?
 
         Chef::Log.info("creating...")
@@ -622,6 +643,8 @@ class Chef
             bootstrap.config[:winrm_authentication_protocol] = locate_config_value(:winrm_authentication_protocol)
             bootstrap.config[:winrm_port] = port
             bootstrap.config[:auth_timeout] = locate_config_value(:auth_timeout)
+            # Todo: we should skip cert generate in case when winrm_ssl_verify_mode=verify_none
+            bootstrap.config[:winrm_ssl_verify_mode] = locate_config_value(:winrm_ssl_verify_mode)
 
         elsif locate_config_value(:bootstrap_protocol) == 'ssh'
             bootstrap = Chef::Knife::BootstrapWindowsSsh.new
@@ -724,7 +747,9 @@ class Chef
           :ssl_cert_fingerprint => locate_config_value(:thumbprint),
           :cert_path => locate_config_value(:cert_path),
           :cert_password => locate_config_value(:cert_passphrase),
-          :winrm_transport => locate_config_value(:winrm_transport)
+          :winrm_transport => locate_config_value(:winrm_transport),
+          :winrm_max_timeout => locate_config_value(:winrm_max_timeout).to_i * 60 * 1000, #converting minutes to milliseconds
+          :winrm_max_memoryPerShell => locate_config_value(:winrm_max_memoryPerShell)
         }
         # If user is connecting a new VM to an existing dns, then
         # the VM needs to have a unique public port. Logic below takes care of this.
@@ -806,8 +831,12 @@ class Chef
 
       # get latest version
       def get_chef_extension_version
-        extensions = @connection.query_azure("resourceextensions/#{get_chef_extension_publisher}/#{get_chef_extension_name}")
-        extensions.css("Version").max.text.split(".").first + ".*"
+        if locate_config_value(:azure_chef_extension_version)
+          Chef::Config[:knife][:azure_chef_extension_version]
+        else
+          extensions = @connection.query_azure("resourceextensions/#{get_chef_extension_publisher}/#{get_chef_extension_name}")
+          extensions.css("Version").max.text.split(".").first + ".*"
+        end
       end
 
       def get_chef_extension_public_params
@@ -815,6 +844,17 @@ class Chef
         pub_config[:client_rb] = "chef_server_url \t #{Chef::Config[:chef_server_url].to_json}\nvalidation_client_name\t#{Chef::Config[:validation_client_name].to_json}"
         pub_config[:runlist] = locate_config_value(:run_list).empty? ? "" : locate_config_value(:run_list).join(",").to_json
         pub_config[:autoUpdateClient] = locate_config_value(:auto_update_client) ? "true" : "false"
+        pub_config[:deleteChefConfig] = locate_config_value(:delete_chef_extension_config) ? "true" : "false"
+        pub_config[:custom_json_attr] = locate_config_value(:json_attributes) || {}
+
+        # bootstrap attributes
+        pub_config[:bootstrap_options] = {}
+        pub_config[:bootstrap_options][:environment] = locate_config_value(:environment) if locate_config_value(:environment)
+        pub_config[:bootstrap_options][:chef_node_name] = config[:chef_node_name] if config[:chef_node_name]
+        pub_config[:bootstrap_options][:encrypted_data_bag_secret] = locate_config_value(:encrypted_data_bag_secret) if locate_config_value(:encrypted_data_bag_secret)
+        pub_config[:bootstrap_options][:chef_server_url] = Chef::Config[:chef_server_url] if Chef::Config[:chef_server_url]
+        pub_config[:bootstrap_options][:validation_client_name] = Chef::Config[:validation_client_name] if Chef::Config[:validation_client_name]
+
         Base64.encode64(pub_config.to_json)
       end
 

data/lib/chef/knife/azure_server_show.rb

@@ -60,6 +60,10 @@ class Chef
             end
             details << ui.color('Public IP', :bold, :cyan)
             details << role.publicipaddress
+            unless role.thumbprint.empty?
+              details << ui.color('Thumbprint', :bold, :cyan)
+              details << role.thumbprint
+            end
             puts ui.list(details, :columns_across, 2)
             if role.tcpports.length > 0 || role.udpports.length > 0
               details.clear

data/lib/knife-azure/version.rb

@@ -1,6 +1,6 @@
 module Knife
   module Azure
-    VERSION = "1.4.0"
+    VERSION = "1.5.1.rc.0"
     MAJOR, MINOR, TINY = VERSION.split('.')
   end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: knife-azure
 version: !ruby/object:Gem::Version
-  version: 1.4.0
+  version: 1.5.1.rc.0
 platform: ruby
 authors:
 - Barry Davis
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-02-09 00:00:00.000000000 Z
+date: 2015-05-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: nokogiri