knife-ec-backup 2.4.0 → 2.4.15
- checksums.yaml +4 -4
- data/README.md +67 -42
- data/Rakefile +1 -1
- data/lib/chef/automate.rb +18 -0
- data/lib/chef/knife/ec_backup.rb +7 -6
- data/lib/chef/knife/ec_base.rb +29 -5
- data/lib/chef/knife/ec_key_base.rb +50 -15
- data/lib/chef/knife/ec_key_export.rb +1 -1
- data/lib/chef/knife/ec_key_import.rb +3 -3
- data/lib/chef/knife/ec_restore.rb +7 -6
- data/lib/chef/server.rb +3 -4
- data/lib/knife_ec_backup/version.rb +2 -1
- data/spec/chef/knife/ec_backup_spec.rb +2 -0
- data/spec/chef/knife/ec_base_spec.rb +1 -1
- data/spec/chef/knife/ec_key_base_spec.rb +5 -4
- data/spec/chef/knife/ec_key_export_spec.rb +2 -2
- data/spec/chef/knife/ec_restore_spec.rb +1 -1
- data/spec/chef/server_spec.rb +22 -17
- metadata +19 -31
- data/spec/chef/knife/coverage/assets/0.10.2/application.css +0 -799
- data/spec/chef/knife/coverage/assets/0.10.2/application.js +0 -1707
- data/spec/chef/knife/coverage/assets/0.10.2/colorbox/border.png +0 -0
- data/spec/chef/knife/coverage/assets/0.10.2/colorbox/controls.png +0 -0
- data/spec/chef/knife/coverage/assets/0.10.2/colorbox/loading.gif +0 -0
- data/spec/chef/knife/coverage/assets/0.10.2/colorbox/loading_background.png +0 -0
- data/spec/chef/knife/coverage/assets/0.10.2/favicon_green.png +0 -0
- data/spec/chef/knife/coverage/assets/0.10.2/favicon_red.png +0 -0
- data/spec/chef/knife/coverage/assets/0.10.2/favicon_yellow.png +0 -0
- data/spec/chef/knife/coverage/assets/0.10.2/loading.gif +0 -0
- data/spec/chef/knife/coverage/assets/0.10.2/magnify.png +0 -0
- data/spec/chef/knife/coverage/assets/0.10.2/smoothness/images/ui-bg_flat_0_aaaaaa_40x100.png +0 -0
- data/spec/chef/knife/coverage/assets/0.10.2/smoothness/images/ui-bg_flat_75_ffffff_40x100.png +0 -0
- data/spec/chef/knife/coverage/assets/0.10.2/smoothness/images/ui-bg_glass_55_fbf9ee_1x400.png +0 -0
- data/spec/chef/knife/coverage/assets/0.10.2/smoothness/images/ui-bg_glass_65_ffffff_1x400.png +0 -0
- data/spec/chef/knife/coverage/assets/0.10.2/smoothness/images/ui-bg_glass_75_dadada_1x400.png +0 -0
- data/spec/chef/knife/coverage/assets/0.10.2/smoothness/images/ui-bg_glass_75_e6e6e6_1x400.png +0 -0
- data/spec/chef/knife/coverage/assets/0.10.2/smoothness/images/ui-bg_glass_95_fef1ec_1x400.png +0 -0
- data/spec/chef/knife/coverage/assets/0.10.2/smoothness/images/ui-bg_highlight-soft_75_cccccc_1x100.png +0 -0
- data/spec/chef/knife/coverage/assets/0.10.2/smoothness/images/ui-icons_222222_256x240.png +0 -0
- data/spec/chef/knife/coverage/assets/0.10.2/smoothness/images/ui-icons_2e83ff_256x240.png +0 -0
- data/spec/chef/knife/coverage/assets/0.10.2/smoothness/images/ui-icons_454545_256x240.png +0 -0
- data/spec/chef/knife/coverage/assets/0.10.2/smoothness/images/ui-icons_888888_256x240.png +0 -0
- data/spec/chef/knife/coverage/assets/0.10.2/smoothness/images/ui-icons_cd0a0a_256x240.png +0 -0
- data/spec/chef/knife/coverage/index.html +0 -72
- data/spec/chef/knife/key_dump.json +0 -4
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: ddb6a9c53f5ef60525564d583b9906c746c3af34b8fe25fe92d8e0f362d1f039
|
4
|
+
data.tar.gz: '04987273e967c37af6b3738bac962349f07edc5a4db1a0ec13c0004093adc8af'
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: ab40c44efddf1418bf52ed6d329b4e8d4419c927dbdcbfc758440d53b178183747c333c9019bbaec16b59750ec0432e9bf7397bcd651e978445abfe2f4515b4d
|
7
|
+
data.tar.gz: b5a4137aca897ffcf811e1c96fc87b3ffeb435337ac1aaf1a2301ed9ea0683983da8c1991daa9ce5413d6551453de98e2c99c6f8cb1156420f78a5104d9919e6
|
data/README.md
CHANGED
@@ -1,8 +1,16 @@
|
|
1
|
-
#
|
2
|
-
[![Build
|
1
|
+
# Knife EC Backup
|
2
|
+
[![Build status](https://badge.buildkite.com/4bc85427aab66accafbd7abb2932b9dd7f9208162c5be33488.svg?branch=master)](https://buildkite.com/chef-oss/chef-knife-ec-backup-master-verify)
|
3
3
|
[![Gem Version](https://badge.fury.io/rb/knife-ec-backup.svg)](https://badge.fury.io/rb/knife-ec-backup)
|
4
4
|
|
5
|
-
|
5
|
+
**Umbrella Project**: [Knife](https://github.com/chef/chef-oss-practices/blob/master/projects/knife.md)
|
6
|
+
|
7
|
+
**Project State**: [Active](https://github.com/chef/chef-oss-practices/blob/master/repo-management/repo-states.md#active)
|
8
|
+
|
9
|
+
**Issues [Response Time Maximum](https://github.com/chef/chef-oss-practices/blob/master/repo-management/repo-states.md)**: 14 days
|
10
|
+
|
11
|
+
**Pull Request [Response Time Maximum](https://github.com/chef/chef-oss-practices/blob/master/repo-management/repo-states.md)**: 14 days
|
12
|
+
|
13
|
+
## Description
|
6
14
|
|
7
15
|
knife-ec-backup can backup and restore the data in an Enterprise Chef
|
8
16
|
Server installation, preserving the data in an intermediate, editable
|
@@ -10,29 +18,24 @@ text format. It is similar to the `knife download` and `knife upload`
|
|
10
18
|
commands and uses the same underlying libraries, but also includes
|
11
19
|
workarounds for objects not yet supported by those tools and various
|
12
20
|
Server API deficiencies. The long-run goal is to improve `knife
|
13
|
-
download`, `knife upload` and the Chef Server API and deprecate this
|
21
|
+
download`, `knife upload` and the Chef Infra Server API and deprecate this
|
14
22
|
tool.
|
15
23
|
|
16
|
-
|
24
|
+
## Requirements
|
17
25
|
|
18
|
-
This knife plugin requires Chef Client 11.8+.
|
26
|
+
This knife plugin requires Chef Infra Client 11.8+.
|
19
27
|
|
20
|
-
|
28
|
+
### Server Support
|
21
29
|
|
22
|
-
|
23
|
-
of this gem. Version 1.x additionally depends on knife-essentials.
|
24
|
-
|
25
|
-
## Server Support
|
26
|
-
|
27
|
-
This plugin currently supports Enterprise Chef 11 and Chef Server 12.
|
30
|
+
This plugin currently supports Enterprise Chef 11 and Chef Infra Server 12+.
|
28
31
|
Support for the beta key rotation features is provided via the
|
29
32
|
`--with-keys-sql` flag, but users of this feature should note that
|
30
|
-
this may change once the Chef Server supports an API-based export of
|
33
|
+
this may change once the Chef Infra Server supports an API-based export of
|
31
34
|
the key data.
|
32
35
|
|
33
|
-
|
36
|
+
## Installation
|
34
37
|
|
35
|
-
|
38
|
+
### Chef Infra Server Install (Recommended)
|
36
39
|
|
37
40
|
This gem is installed with chef-server-core 12.0.0 and newer.
|
38
41
|
|
@@ -45,7 +48,7 @@ downloading the .zip file. Once unpacked, run:
|
|
45
48
|
/opt/opscode/embedded/bin/gem install knife-ec-backup*gem --no-ri --no-rdoc -V
|
46
49
|
```
|
47
50
|
|
48
|
-
|
51
|
+
#### Note on installing with existing development tools:
|
49
52
|
|
50
53
|
The latest versions of knife-ec-backup require gems with native
|
51
54
|
extensions, thus you must install a standard build toolchain. To
|
@@ -54,6 +57,24 @@ on your system, try the following:
|
|
54
57
|
|
55
58
|
/opt/opscode/embedded/bin/gem install knife-ec-backup -- --with-pg-config=/opt/opscode/embedded/postgresql/9.2/bin/pg_config
|
56
59
|
|
60
|
+
This uses the libpq headers that are included in the Chef Infra Server
|
61
|
+
package installed in `/opt/opscode`.
|
62
|
+
|
63
|
+
### Chef Workstation Install (Unsupported)
|
64
|
+
|
65
|
+
On systems other than the Chef Infra Server, installation of this gem is not
|
66
|
+
tested or supported. However, if you attempt to do so you will need the
|
67
|
+
postgresql libraries installed.
|
68
|
+
|
69
|
+
For example, on macOS:
|
70
|
+
|
71
|
+
```
|
72
|
+
brew install libpq
|
73
|
+
gem install knife-ec-backup -- --with-pg-config=/usr/local/Cellar/libpq/9.2/bin/pg_config
|
74
|
+
```
|
75
|
+
|
76
|
+
The current location of pg_config can be determined with `brew info libpq`.
|
77
|
+
|
57
78
|
## Running tests
|
58
79
|
|
59
80
|
```
|
@@ -76,25 +97,29 @@ Clone the git repository and run the following from inside:
|
|
76
97
|
gem build knife-ec-backup.gemspec
|
77
98
|
gem install knife-ec-backup*gem
|
78
99
|
|
79
|
-
|
100
|
+
## Configuration
|
80
101
|
|
81
|
-
|
102
|
+
### Permissions
|
82
103
|
|
83
104
|
Note that most users in an EC installation lack the permissions to pull all of the data from all organizations and other users.
|
84
|
-
This plugin **REQUIRES THE PIVOTAL KEY AND WEBUI KEY** from the Chef Server.
|
85
|
-
It is recommended that you run this from a frontend Enterprise Chef Server, you can use --user and --key to pass the pivotal information along.
|
105
|
+
This plugin **REQUIRES THE PIVOTAL KEY AND WEBUI KEY** from the Chef Infra Server.
|
106
|
+
It is recommended that you run this from a frontend Enterprise Chef Infra Server, you can use --user and --key to pass the pivotal information along.
|
86
107
|
|
87
|
-
|
108
|
+
## Subcommands
|
88
109
|
|
89
|
-
|
110
|
+
### Common Options
|
90
111
|
|
91
112
|
The following options are supported across all subcommands:
|
92
113
|
|
93
114
|
* `--sql-host`:
|
94
|
-
The hostname of the Chef Server's postgresql server. (default: localhost)
|
115
|
+
The hostname of the Chef Infra Server's postgresql server. (default: localhost)
|
95
116
|
|
96
117
|
* `--sql-port`:
|
97
|
-
The postgresql listening port on the Chef Server. (default: 5432)
|
118
|
+
The postgresql listening port on the Chef Infra Server. (default: 5432)
|
119
|
+
|
120
|
+
* `--sql-db`:
|
121
|
+
The postgresql Chef Infra Server database name. (default: opscode_chef)
|
122
|
+
Specify 'automate-cs-oc-erchef' when using Automate Chef Infra Server API
|
98
123
|
|
99
124
|
* `--sql-user`:
|
100
125
|
The username of postgresql user with access to the opscode_chef
|
@@ -110,7 +135,7 @@ The following options are supported across all subcommands:
|
|
110
135
|
* `--dry-run`:
|
111
136
|
Report what actions would be taken without performing any. (default: false)
|
112
137
|
|
113
|
-
|
138
|
+
### knife ec backup DEST_DIR (options)
|
114
139
|
|
115
140
|
*Path*: If you have chef-client installed as well, you may need to invoke this as `/opt/opscode/embedded/bin/knife ec backup backup`
|
116
141
|
|
@@ -132,8 +157,8 @@ The following options are supported across all subcommands:
|
|
132
157
|
|
133
158
|
* `--with-key-sql`: Whether to backup/restore key data directly
|
134
159
|
from the database. This requires access to the listening
|
135
|
-
postgresql port on the Chef Server. This is required to correctly
|
136
|
-
handle keys in Chef Servers with multikey support. This option
|
160
|
+
postgresql port on the Chef Infra Server. This is required to correctly
|
161
|
+
handle keys in Chef Infra Servers with multikey support. This option
|
137
162
|
will only work on `restore` if it was also used during the
|
138
163
|
`backup`.
|
139
164
|
|
@@ -144,7 +169,7 @@ The following options are supported across all subcommands:
|
|
144
169
|
Chef objects.
|
145
170
|
|
146
171
|
* `--skip-version-check`:
|
147
|
-
Skip Chef Server version check. This will also skip any auto-configured options (default: false)
|
172
|
+
Skip Chef Infra Server version check. This will also skip any auto-configured options (default: false)
|
148
173
|
|
149
174
|
* `--only-org ORG`:
|
150
175
|
Only donwload/restore objects in the named organization. Global
|
@@ -202,7 +227,7 @@ This compares very closely with the "knife download /" from an OSC server:
|
|
202
227
|
users
|
203
228
|
<name>.json>
|
204
229
|
|
205
|
-
|
230
|
+
### knife ec restore DEST_DIR (options)
|
206
231
|
|
207
232
|
Restores all data from the specified DEST_DIR to an Enterprise Chef /
|
208
233
|
Private Chef server. DEST_DIR should be a backup directory created by
|
@@ -227,11 +252,11 @@ Private Chef server. DEST_DIR should be a backup directory created by
|
|
227
252
|
Server. (default: 10)
|
228
253
|
|
229
254
|
* `--skip-version-check`:
|
230
|
-
Skip Chef Server version check. This will
|
255
|
+
Skip Chef Infra Server version check. This will
|
231
256
|
also skip any auto-configured options (default: false)
|
232
257
|
|
233
258
|
* `--[no-]skip-user-ids`:
|
234
|
-
Reuses user ids from the restore destination when updating existing
|
259
|
+
Reuses user ids from the restore destination when updating existing
|
235
260
|
users to avoid database conflicts (default: true)
|
236
261
|
|
237
262
|
* `--with-user-sql`:
|
@@ -244,8 +269,8 @@ Private Chef server. DEST_DIR should be a backup directory created by
|
|
244
269
|
|
245
270
|
* `--with-key-sql`: Whether to backup/restore key data directly
|
246
271
|
from the database. This requires access to the listening
|
247
|
-
postgresql port on the Chef Server. This is required to correctly
|
248
|
-
handle keys in Chef Servers with multikey support. This option
|
272
|
+
postgresql port on the Chef Infra Server. This is required to correctly
|
273
|
+
handle keys in Chef Infra Servers with multikey support. This option
|
249
274
|
will only work on `restore` if it was also used during the
|
250
275
|
`backup`.
|
251
276
|
|
@@ -256,35 +281,35 @@ Private Chef server. DEST_DIR should be a backup directory created by
|
|
256
281
|
Chef objects.
|
257
282
|
|
258
283
|
* `--only-org ORG`:
|
259
|
-
Only
|
284
|
+
Only download/restore objects in the named organization. Global
|
260
285
|
objects such as users will still be downloaded/restored.
|
261
286
|
|
262
|
-
|
287
|
+
### knife ec key export [FILENAME]
|
263
288
|
|
264
|
-
Create a json representation of the users table from the Chef Server
|
289
|
+
Create a json representation of the users table from the Chef Infra Server
|
265
290
|
database. If no argument is given, the name of the backup is
|
266
291
|
`key_dump.json`.
|
267
292
|
|
268
293
|
Please note, most users should use `knife ec backup` with the
|
269
294
|
`--with-user-sql` option rather than this command.
|
270
295
|
|
271
|
-
|
296
|
+
### knife ec key import [FILENAME]
|
272
297
|
|
273
298
|
Import a json representation of the users table from FILENAME to the
|
274
|
-
the Chef Server database. If no argument is given, the filename is
|
299
|
+
the Chef Infra Server database. If no argument is given, the filename is
|
275
300
|
assumed to be `key_dump.json`.
|
276
301
|
|
277
302
|
Please note, most user should use `knife ec restore` with the
|
278
303
|
`--with-user-sql` option rather than this command.
|
279
304
|
|
280
|
-
|
305
|
+
## Known Bugs
|
281
306
|
|
282
307
|
- knife-ec-backup cannot be installed in the embedded gemset of Chef
|
283
|
-
Server 12. This will be resolved in a future Chef Server release.
|
308
|
+
Server 12. This will be resolved in a future Chef Infra Server release.
|
284
309
|
|
285
310
|
- `knife ec restore` can fail to restore cookbooks, failing with an
|
286
311
|
internal server error. A common cause of this problem is a
|
287
|
-
concurrency bug in Chef Server. Setting `--concurrency 1` can often
|
312
|
+
concurrency bug in Chef Infra Server. Setting `--concurrency 1` can often
|
288
313
|
work around the issue.
|
289
314
|
|
290
315
|
- `knife ec restore` can fail if the pool of pre-created organizations
|
data/Rakefile
CHANGED
@@ -0,0 +1,18 @@
|
|
1
|
+
class Chef
|
2
|
+
class Automate
|
3
|
+
def self.is_installed?
|
4
|
+
File.exists?('/hab/svc/automate-cs-oc-erchef/')
|
5
|
+
end
|
6
|
+
|
7
|
+
def self.config
|
8
|
+
{
|
9
|
+
sql_user: 'automate-cs-oc-erchef',
|
10
|
+
sql_cert: '/hab/svc/automate-cs-oc-erchef/config/service.crt',
|
11
|
+
sql_key: '/hab/svc/automate-cs-oc-erchef/config/service.key',
|
12
|
+
sql_rootcert: '/hab/svc/automate-cs-oc-erchef/config/root_ca.crt',
|
13
|
+
sql_db: 'automate-cs-oc-erchef',
|
14
|
+
webui_key: '/hab/svc/automate-cs-oc-erchef/data/webui_priv.pem'
|
15
|
+
}
|
16
|
+
end
|
17
|
+
end
|
18
|
+
end
|
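Review bot: `File.exists?` in `Chef::Automate.is_installed?` is the deprecated alias that was removed in Ruby 3.2, where this call raises NoMethodError; `File.exist?('/hab/svc/automate-cs-oc-erchef/')` behaves the same on every Ruby version. The same alias appears in a later hunk, in `load_config_from_file!` (`File.exists?("/etc/opscode/chef-server-running.json")`). Because the existence of this one directory switches the tool to the Automate client certificate, service key and webui key paths, a comment above the method should say so, e.g. `# Automate is assumed present when its erchef Habitat service directory exists; callers then take their SQL and webui key paths from .config`. The section header on the page reads `data/Rakefile`, but going by the file list (+18 -0) this content appears to be `data/lib/chef/automate.rb`.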
data/lib/chef/knife/ec_backup.rb
CHANGED
@@ -1,5 +1,5 @@
|
|
1
1
|
require 'chef/knife'
|
2
|
-
|
2
|
+
require_relative 'ec_base'
|
3
3
|
|
4
4
|
class Chef
|
5
5
|
class Knife
|
@@ -14,8 +14,8 @@ class Chef
|
|
14
14
|
require 'chef/chef_fs/file_system'
|
15
15
|
require 'chef/chef_fs/file_pattern'
|
16
16
|
require 'chef/chef_fs/parallelizer'
|
17
|
-
|
18
|
-
require 'fileutils'
|
17
|
+
require_relative '../server'
|
18
|
+
require 'fileutils' unless defined?(FileUtils)
|
19
19
|
end
|
20
20
|
|
21
21
|
def run
|
@@ -96,10 +96,10 @@ class Chef
|
|
96
96
|
knife_ec_error_handler.add(ex)
|
97
97
|
next
|
98
98
|
end
|
99
|
-
# Enterprise Chef 11 and below uses a pool of
|
99
|
+
# Enterprise Chef 11 and below uses a pool of pre-created
|
100
100
|
# organizations to account for slow organization creation
|
101
101
|
# using CouchDB. Thus, on server versions < 12 we want to
|
102
|
-
# skip any of these
|
102
|
+
# skip any of these pre-created organizations by checking if
|
103
103
|
# they have been assigned or not. The Chef 12 API does not
|
104
104
|
# return an assigned_at field.
|
105
105
|
if org['assigned_at'] || server.version >= Gem::Version.new("12")
|
@@ -127,12 +127,13 @@ class Chef
|
|
127
127
|
end
|
128
128
|
|
129
129
|
def export_from_sql
|
130
|
-
|
130
|
+
require_relative 'ec_key_export'
|
131
131
|
Chef::Knife::EcKeyExport.deps
|
132
132
|
k = Chef::Knife::EcKeyExport.new
|
133
133
|
k.name_args = ["#{dest_dir}/key_dump.json", "#{dest_dir}/key_table_dump.json"]
|
134
134
|
k.config[:sql_host] = config[:sql_host]
|
135
135
|
k.config[:sql_port] = config[:sql_port]
|
136
|
+
k.config[:sql_db] = config[:sql_db]
|
136
137
|
k.config[:sql_user] = config[:sql_user]
|
137
138
|
k.config[:sql_password] = config[:sql_password]
|
138
139
|
k.config[:skip_users_table] = !config[:with_user_sql]
|
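Review bot: In `export_from_sql` the new `sql_db` value is forwarded to `EcKeyExport`, but the `sql_cert`, `sql_key` and `sql_rootcert` options added in the same release are not among the visible assignments. If they are not copied further down (the method continues past the end of the hunk), a certificate path given to `knife ec backup` would be silently dropped and the key export would connect without it. Forward them next to the other SQL settings: `k.config[:sql_cert] = config[:sql_cert]`, `k.config[:sql_key] = config[:sql_key]`, `k.config[:sql_rootcert] = config[:sql_rootcert]`.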
data/lib/chef/knife/ec_base.rb
CHANGED
@@ -18,9 +18,10 @@
|
|
18
18
|
|
19
19
|
require 'chef/knife'
|
20
20
|
require 'chef/server_api'
|
21
|
-
require 'veil'
|
22
|
-
|
23
|
-
require 'ffi_yajl'
|
21
|
+
require 'veil' unless defined?(Veil)
|
22
|
+
require_relative 'ec_error_handler'
|
23
|
+
require 'ffi_yajl' unless defined?(FFI_Yajl)
|
24
|
+
require_relative '../automate'
|
24
25
|
|
25
26
|
class Chef
|
26
27
|
class Knife
|
@@ -31,13 +32,17 @@ class Chef
|
|
31
32
|
def self.included(includer)
|
32
33
|
includer.class_eval do
|
33
34
|
|
35
|
+
option :error_log_dir,
|
36
|
+
:long => '--error-log-dir PATH',
|
37
|
+
:description => 'Path to a directory where any errors will be logged'
|
38
|
+
|
34
39
|
option :concurrency,
|
35
40
|
:long => '--concurrency THREADS',
|
36
41
|
:description => 'Maximum number of simultaneous requests to send (default: 10)'
|
37
42
|
|
38
43
|
option :webui_key,
|
39
44
|
:long => '--webui-key KEYPATH',
|
40
|
-
:description => 'Path to the WebUI Key (default: Read from secrets store or /etc/opscode/webui_priv.pem)'
|
45
|
+
:description => 'Path to the WebUI Key (default: Read from secrets store or /etc/opscode/webui_priv.pem or /hab/svc/automate-cs-oc-erchef/data/webui_priv.pem)'
|
41
46
|
|
42
47
|
option :secrets_file_path,
|
43
48
|
:long => '--secrets-file PATH',
|
@@ -70,6 +75,10 @@ class Chef
|
|
70
75
|
:description => 'Postgresql database port (default: 5432)',
|
71
76
|
:default => 5432
|
72
77
|
|
78
|
+
option :sql_db,
|
79
|
+
:long => '--sql-db DBNAME',
|
80
|
+
:description => 'Postgresql Chef Server database name (default: opscode_chef or automate-cs-oc-erchef)'
|
81
|
+
|
73
82
|
option :sql_user,
|
74
83
|
:long => "--sql-user USERNAME",
|
75
84
|
:description => 'User used to connect to the postgresql database.'
|
@@ -78,6 +87,18 @@ class Chef
|
|
78
87
|
:long => "--sql-password PASSWORD",
|
79
88
|
:description => 'Password used to connect to the postgresql database'
|
80
89
|
|
90
|
+
option :sql_cert,
|
91
|
+
:long => "--sql-cert ",
|
92
|
+
:description => 'Path to client ssl cert'
|
93
|
+
|
94
|
+
option :sql_key,
|
95
|
+
:long => "--sql-key PATH",
|
96
|
+
:description => 'Path to client ssl key'
|
97
|
+
|
98
|
+
option :sql_rootcert,
|
99
|
+
:long => "--sql-rootcert ",
|
100
|
+
:description => 'Path to root ssl cert'
|
101
|
+
|
81
102
|
option :with_user_sql,
|
82
103
|
:long => '--with-user-sql',
|
83
104
|
:description => 'Try direct data base access for user export/import. Required to properly handle passwords, keys, and USAGs'
|
@@ -155,7 +176,8 @@ class Chef
|
|
155
176
|
end
|
156
177
|
|
157
178
|
def knife_ec_error_handler
|
158
|
-
|
179
|
+
error_dir = config[:error_log_dir] || dest_dir
|
180
|
+
@knife_ec_error_handler ||= Chef::Knife::EcErrorHandler.new(error_dir, self.class)
|
159
181
|
end
|
160
182
|
|
161
183
|
def user_acl_rest
|
@@ -190,6 +212,8 @@ class Chef
|
|
190
212
|
def webui_key
|
191
213
|
if config[:webui_key]
|
192
214
|
config[:webui_key]
|
215
|
+
elsif Chef::Automate.is_installed?
|
216
|
+
config[:webui_key] = Chef::Automate.config[:webui_key]
|
193
217
|
elsif veil.exist?("chef-server", "webui_key")
|
194
218
|
temporary_webui_key
|
195
219
|
else
|
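Review bot: The long options `"--sql-cert "` and `"--sql-rootcert "` have no argument placeholder, unlike `"--sql-key PATH"`, so the option parser will presumably treat them as boolean switches and store `true` rather than a path. The SSL parameters later built from these values would then read `sslcert=true` / `sslrootcert=true` and point at no real file. Declare them as `:long => "--sql-cert PATH"` and `:long => "--sql-rootcert PATH"`. The same two declarations are repeated in the later hunk `@@ -48,6 +54,18 @@`, which adds these options ahead of `:secrets_file_path`, and need the same fix. The enclosing `includer.class_eval` block starts and ends outside these hunks.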
@@ -17,6 +17,7 @@
|
|
17
17
|
#
|
18
18
|
|
19
19
|
require 'chef/knife'
|
20
|
+
require 'veil'
|
20
21
|
|
21
22
|
class Chef
|
22
23
|
class Knife
|
@@ -27,7 +28,8 @@ class Chef
|
|
27
28
|
|
28
29
|
deps do
|
29
30
|
require 'sequel'
|
30
|
-
require 'json'
|
31
|
+
require 'json' unless defined?(JSON)
|
32
|
+
require_relative '../automate'
|
31
33
|
end
|
32
34
|
|
33
35
|
option :sql_host,
|
@@ -40,6 +42,10 @@ class Chef
|
|
40
42
|
:description => 'Postgresql database port (default: 5432)',
|
41
43
|
:default => 5432
|
42
44
|
|
45
|
+
option :sql_db,
|
46
|
+
:long => '--sql-db DBNAME',
|
47
|
+
:description => 'Postgresql Chef Server database name (default: opscode_chef or automate-cs-oc-erchef)'
|
48
|
+
|
43
49
|
option :sql_user,
|
44
50
|
:long => "--sql-user USERNAME",
|
45
51
|
:description => 'User used to connect to the postgresql database.'
|
@@ -48,6 +54,18 @@ class Chef
|
|
48
54
|
:long => "--sql-password PASSWORD",
|
49
55
|
:description => 'Password used to connect to the postgresql database'
|
50
56
|
|
57
|
+
option :sql_cert,
|
58
|
+
:long => "--sql-cert ",
|
59
|
+
:description => 'Path to client ssl cert'
|
60
|
+
|
61
|
+
option :sql_key,
|
62
|
+
:long => "--sql-key PATH",
|
63
|
+
:description => 'Path to client ssl key'
|
64
|
+
|
65
|
+
option :sql_rootcert,
|
66
|
+
:long => "--sql-rootcert ",
|
67
|
+
:description => 'Path to root ssl cert'
|
68
|
+
|
51
69
|
option :secrets_file_path,
|
52
70
|
:long => '--secrets-file PATH',
|
53
71
|
:description => 'Path to a valid private-chef-secrets.json file (default: /etc/opscode/private-chef-secrets.json)',
|
@@ -68,27 +86,44 @@ class Chef
|
|
68
86
|
def db
|
69
87
|
@db ||= begin
|
70
88
|
require 'sequel'
|
71
|
-
|
72
|
-
|
89
|
+
require 'uri'
|
90
|
+
server_uri = URI('postgres://')
|
91
|
+
server_uri.host = config[:sql_host]
|
92
|
+
server_uri.port = config[:sql_port]
|
93
|
+
server_uri.user = URI.encode_www_form_component(config[:sql_user]) if config[:sql_user]
|
94
|
+
server_uri.password = URI.encode_www_form_component(config[:sql_password]) if config[:sql_password]
|
95
|
+
query_params = []
|
96
|
+
query_params.push("sslcert=#{config[:sql_cert]}") if config[:sql_cert]
|
97
|
+
query_params.push("sslkey=#{config[:sql_key]}") if config[:sql_key]
|
98
|
+
query_params.push("sslrootcert=#{config[:sql_rootcert]}") if config[:sql_rootcert]
|
99
|
+
server_uri.query = query_params.join("&") if query_params.length > 0
|
100
|
+
|
101
|
+
::Sequel.connect(server_uri.to_s, :convert_infinite_timestamps => :string)
|
73
102
|
end
|
74
103
|
end
|
75
104
|
|
76
105
|
# Loads SQL user and password from running config if not passed
|
77
106
|
# as a command line option
|
78
107
|
def load_config_from_file!
|
79
|
-
if
|
80
|
-
ui.
|
81
|
-
|
108
|
+
if Chef::Automate.is_installed?
|
109
|
+
ui.msg "Automate detected"
|
110
|
+
config.merge! Chef::Automate.config {|key, v1, v2| v1}
|
82
111
|
else
|
83
|
-
|
84
|
-
|
85
|
-
|
86
|
-
|
87
|
-
|
88
|
-
|
89
|
-
|
90
|
-
|
91
|
-
|
112
|
+
if ! File.exists?("/etc/opscode/chef-server-running.json")
|
113
|
+
ui.fatal "SQL User or Password not provided as option and running config cannot be found!"
|
114
|
+
exit 1
|
115
|
+
else
|
116
|
+
running_config ||= JSON.parse(File.read("/etc/opscode/chef-server-running.json"))
|
117
|
+
# Latest versions of chef server put the database info under opscode-erchef.sql_user
|
118
|
+
hash_key = if running_config['private_chef']['opscode-erchef'].has_key? 'sql_user'
|
119
|
+
'opscode-erchef'
|
120
|
+
else
|
121
|
+
'postgresql'
|
122
|
+
end
|
123
|
+
config[:sql_user] ||= running_config['private_chef'][hash_key]['sql_user']
|
124
|
+
config[:sql_password] ||= (running_config['private_chef'][hash_key]['sql_password'] || sql_password)
|
125
|
+
config[:sql_db] ||= 'opscode_chef'
|
126
|
+
end
|
92
127
|
end
|
93
128
|
end
|
94
129
|
|
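Review bot: In `load_config_from_file!` the brace block on `config.merge! Chef::Automate.config {|key, v1, v2| v1}` binds to the `Chef::Automate.config` call, not to `merge!`, so the keep-the-existing-value resolver never runs and the Automate defaults overwrite any `--sql-user`, `--sql-cert`, `--sql-key`, `--sql-rootcert`, `--sql-db` or `--webui-key` the operator passed. Parenthesising the argument fixes the binding: `config.merge!(Chef::Automate.config) { |_key, v1, v2| v1.nil? ? v2 : v1 }`; the nil check covers an unset option that may be present in `config` with a nil value, which cannot be confirmed from here. Separately, in `db` the `sslcert`/`sslkey`/`sslrootcert` paths are interpolated into the query string unencoded, unlike the user and password a few lines above; building the query with `URI.encode_www_form` would stop a path containing `&` or `#` from altering the connection parameters. The file header for these hunks is missing from the page; by the file list they appear to belong to `data/lib/chef/knife/ec_key_base.rb`.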