knife-ec2 0.6.4 → 0.6.6.rc.0

data/.gitignore

@@ -32,3 +32,6 @@ Icon?
 
 *.swp
 *.swo
+
+Gemfile.lock
+.rspec

data/.travis.yml

@@ -0,0 +1,4 @@
+rvm:
+  - 1.9.3
+  - 2.0.0
+script: bundle exec rspec --color --format progress

data/Gemfile

@@ -1,8 +1,2 @@
-source "http://rubygems.org"
-
-# Specify your gem's dependencies in knife-rackspace.gemspec
+source 'http://rubygems.org'
 gemspec
-
-group :development do
-  gem 'rspec', '~> 2.7.0'
-end

data/README.md

@@ -0,0 +1,114 @@
+Knife EC2
+=========
+[![Gem Version](https://badge.fury.io/rb/knife-ec2.png)](http://badge.fury.io/rb/knife-ec2)
+[![Build Status](https://travis-ci.org/opscode/knife-ec2.png?branch=master)](https://travis-ci.org/opscode/knife-ec2)
+[![Dependency Status](https://gemnasium.com/opscode/knife-ec2.png)](https://gemnasium.com/opscode/knife-ec2)
+
+This is the official Opscode Knife plugin for EC2. This plugin gives knife the ability to create, bootstrap, and manage EC2 instances.
+
+
+Installation
+------------
+If you're using bundler, simply add Chef and Knife EC2 to your `Gemfile`:
+
+```ruby
+gem 'chef'
+gem 'knife-ec2'
+```
+
+If you are not using bundler, you can install the gem manually. Be sure you are running Chef 0.10.10 or higher, as earlier versions do not support plugins.
+
+    $ gem install chef
+
+This plugin is distributed as a Ruby Gem. To install it, run:
+
+    $ gem install knife-ec2
+
+Depending on your system's configuration, you may need to run this command with root privileges.
+
+
+Configuration
+-------------
+In order to communicate with the Amazon's EC2 API you will have to tell Knife about your AWS Access Key and Secret Access Key. The easiest way to accomplish this is to create some entries in your `knife.rb` file:
+
+```ruby
+knife[:aws_access_key_id] = "Your AWS Access Key ID"
+knife[:aws_secret_access_key] = "Your AWS Secret Access Key"
+```
+
+If your `knife.rb` file will be checked into a SCM system (ie readable by others) you may want to read the values from environment variables:
+
+```ruby
+knife[:aws_access_key_id] = ENV['AWS_ACCESS_KEY_ID']
+knife[:aws_secret_access_key] = ENV['AWS_SECRET_ACCESS_KEY']
+```
+
+You also have the option of passing your AWS API Key/Secret into the individual knife subcommands using the `-A` (or `--aws-access-key-id`) `-K` (or `--aws-secret-access-key`) command options
+
+```bash
+# provision a new m1.small Ubuntu 10.04 webserver
+$ knife ec2 server create -r 'role[webserver]' -I ami-7000f019 -f m1.small -A 'Your AWS Access Key ID' -K "Your AWS Secret Access Key"
+```
+
+If you are working with Amazon's command line tools, there is a good chance
+you already have a file with these keys somewhere in this format:
+
+    AWSAccessKeyId=Your AWS Access Key ID
+    AWSSecretKey=Your AWS Secret Access Key
+        
+        In this case, you can point the <tt>aws_credential_file</tt> option to
+        this file in your <tt>knife.rb</tt> file, like so:
+        
+            knife[:aws_credential_file] = "/path/to/credentials/file/in/above/format"
+
+Additionally the following options may be set in your `knife.rb`:
+
+- flavor
+- image
+- availability_zone
+- aws_ssh_key_id
+- region
+- distro
+- template_file
+
+
+Subcommands
+-----------
+This plugin provides the following Knife subcommands. Specific command options can be found by invoking the subcommand with a `--help` flag
+
+
+#### `knife ec2 server create`
+Provisions a new server in the Amazon EC2 and then perform a Chef bootstrap (using the SSH protocol). The goal of the bootstrap is to get Chef installed on the target system so it can run Chef Client with a Chef Server. The main assumption is a baseline OS installation exists (provided by the provisioning). It is primarily intended for Chef Client systems that talk to a Chef server.
+
+#### `knife ec2 server delete`
+Deletes an existing server in the currently configured AWS account. **By default, this does not delete the associated node and client objects from the Chef server. To do so, add the `--purge` flag**
+
+#### `knife ec2 server list`
+Outputs a list of all servers in the currently configured AWS account. **Note, this shows all instances associated with the account, some of which may not be currently managed by the Chef server.**
+
+#### `knife ec2 instance data`
+Generates instance metadata in meant to be used with Opscode's custom AMIs. This will read your knife configuration `~/.chef/knife.rb` for the validation certificate and Chef server URL to use and output in JSON format. The subcommand also accepts a list of roles/recipes that will be in the node's initial run list.
+
+**Note**: Using Opscode's custom AMIs reflect an older way of launching instances in EC2 for Chef and should be considered DEPRECATED. Leveraging this plugins's `knife ec2 server create` subcommands with a base AMIs directly from your Linux distribution (ie Ubuntu AMIs from Canonical) is much preferred and more flexible. Although this subcommand will remain, the Opscode custom AMIs are currently out of date.
+
+In-depth usage instructions can be found on the [Chef Wiki](http://wiki.opscode.com/display/chef/EC2+Bootstrap+Fast+Start+Guide).
+
+License and Authors
+-------------------
+- Author:: Adam Jacob (<adam@opscode.com>)
+
+```text
+Copyright 2009-2013 Opscode, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+```

data/Rakefile

@@ -27,8 +27,9 @@ require 'rdoc/task'
 
 begin
   require 'sdoc'
+  require 'rdoc/task'
 
-  Rake::RDocTask.new do |rdoc|
+  RDoc::Task.new do |rdoc|
     rdoc.title = "Chef Ruby API Documentation"
     rdoc.main = "README.rdoc"
     rdoc.options << '--fmt' << 'shtml' # explictly set shtml generator

data/knife-ec2.gemspec

@@ -1,24 +1,29 @@
 # -*- encoding: utf-8 -*-
-$:.push File.expand_path("../lib", __FILE__)
-require "knife-ec2/version"
+$:.push File.expand_path('../lib', __FILE__)
+require 'knife-ec2/version'
 
 Gem::Specification.new do |s|
-  s.name        = "knife-ec2"
-  s.version     = Knife::Ec2::VERSION
-  s.has_rdoc = true
-  s.authors     = ["Adam Jacob","Seth Chisamore"]
-  s.email       = ["adam@opscode.com","schisamo@opscode.com"]
-  s.homepage = "http://wiki.opscode.com/display/chef"
-  s.summary = "EC2 Support for Chef's Knife Command"
-  s.description = s.summary
-  s.extra_rdoc_files = ["README.rdoc", "LICENSE" ]
+  s.name         = 'knife-ec2'
+  s.version      = Knife::Ec2::VERSION
+  s.authors      = ['Adam Jacob', 'Seth Chisamore']
+  s.email        = ['adam@opscode.com', 'schisamo@opscode.com']
+  s.homepage     = 'https://github.com/opscode/knife-ec2'
+  s.summary      = %q{EC2 Support for Chef\'s Knife Command}
+  s.description  = s.summary
+  s.license      = 'Apache 2.0'
 
-  s.files         = `git ls-files`.split("\n")
-  s.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
-  s.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
-  s.add_dependency "fog", "~> 1.6"
-  s.add_dependency "chef", ">= 0.10.10"
-  %w(rspec-core rspec-expectations rspec-mocks  rspec_junit_formatter).each { |gem| s.add_development_dependency gem }
+  s.files        = `git ls-files`.split("\n")
+  s.test_files   = `git ls-files -- {test,spec,features}/*`.split("\n")
+  s.executables  = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
 
-  s.require_paths = ["lib"]
+  s.add_dependency 'fog',           '~> 1.15.0'
+  s.add_dependency 'chef',          '>= 0.10.10'
+  s.add_dependency 'knife-windows', '>= 0.5.12'
+
+  s.add_development_dependency 'rspec', '~> 2.14'
+  s.add_development_dependency 'rake',  '~> 10.1'
+  s.add_development_dependency 'sdoc',  '~> 0.3'
+
+  s.require_paths = ['lib']
 end
+

data/lib/chef/knife/ec2_base.rb

@@ -34,6 +34,11 @@ class Chef
             require 'chef/json_compat'
           end
 
+          option :aws_credential_file,
+            :long => "--aws-credential-file FILE",
+            :description => "File containing AWS credentials as used by aws cmdline tools",
+            :proc => Proc.new { |key| Chef::Config[:knife][:aws_credential_file] = key }
+
           option :aws_access_key_id,
             :short => "-A ID",
             :long => "--aws-access-key-id KEY",
@@ -75,9 +80,26 @@ class Chef
         end
       end
 
+      def is_image_windows?
+        image_info = connection.images.get(@server.image_id)
+        return image_info.platform == 'windows'
+      end
+
       def validate!(keys=[:aws_access_key_id, :aws_secret_access_key])
         errors = []
 
+        unless Chef::Config[:knife][:aws_credential_file].nil?
+          unless (Chef::Config[:knife].keys & [:aws_access_key_id, :aws_secret_access_key]).empty?
+            errors << "Either provide a credentials file or the access key and secret keys but not both."
+          end
+          # File format:
+          # AWSAccessKeyId=somethingsomethingdarkside
+          # AWSSecretKey=somethingsomethingcomplete
+          entries = Hash[*File.read(Chef::Config[:knife][:aws_credential_file]).split(/[=\n]/)]
+          Chef::Config[:knife][:aws_access_key_id] = entries['AWSAccessKeyId']
+          Chef::Config[:knife][:aws_secret_access_key] = entries['AWSSecretKey']
+        end
+
         keys.each do |k|
           pretty_key = k.to_s.gsub(/_/, ' ').gsub(/\w+/){ |w| (w =~ /(ssh)|(aws)/i) ? w.upcase  : w.capitalize }
           if Chef::Config[:knife][k].nil?
@@ -91,7 +113,13 @@ class Chef
       end
 
     end
+
+    def iam_name_from_profile(profile)
+      # The IAM profile object only contains the name as part of the arn
+      if profile && profile.key?('arn')
+        name = profile['arn'].split('/')[-1]
+      end
+      name ||= ''
+    end
   end
 end
-
-

data/lib/chef/knife/ec2_server_create.rb

@@ -18,13 +18,14 @@
 #
 
 require 'chef/knife/ec2_base'
+require 'chef/knife/winrm_base'
 
 class Chef
   class Knife
     class Ec2ServerCreate < Knife
 
       include Knife::Ec2Base
-
+      include Knife::WinrmBase
       deps do
         require 'fog'
         require 'readline'
@@ -50,6 +51,10 @@ class Chef
         :description => "The AMI for the server",
         :proc => Proc.new { |i| Chef::Config[:knife][:image] = i }
 
+      option :iam_instance_profile,
+        :long => "--iam-profile NAME",
+        :description => "The IAM instance profile to apply to this instance."
+
       option :security_groups,
         :short => "-G X,Y,Z",
         :long => "--groups X,Y,Z",
@@ -66,6 +71,11 @@ class Chef
         :long => "--associate-eip IP_ADDRESS",
         :description => "Associate existing elastic IP address with instance after launch"
 
+      option :placement_group,
+        :long => "--placement-group PLACEMENT_GROUP",
+        :description => "The placement group to place a cluster compute instance",
+        :proc => Proc.new { |pg| Chef::Config[:knife][:placement_group] = pg }
+
       option :tags,
         :short => "-T T=V[,T=V,...]",
         :long => "--tags Tag=Value[,Tag=Value...]",
@@ -127,12 +137,18 @@ class Chef
         :long => "--bootstrap-version VERSION",
         :description => "The version of Chef to install",
         :proc => Proc.new { |v| Chef::Config[:knife][:bootstrap_version] = v }
+      
+      option :bootstrap_proxy,
+          :long => "--bootstrap-proxy PROXY_URL",
+          :description => "The proxy server for the node being bootstrapped",
+          :proc => Proc.new { |p| Chef::Config[:knife][:bootstrap_proxy] = p }
 
       option :distro,
         :short => "-d DISTRO",
         :long => "--distro DISTRO",
         :description => "Bootstrap a distro using a template; default is 'chef-full'",
-        :proc => Proc.new { |d| Chef::Config[:knife][:distro] = d }
+        :proc => Proc.new { |d| Chef::Config[:knife][:distro] = d },
+        :default => "chef-full"
 
       option :template_file,
         :long => "--template-file TEMPLATE",
@@ -158,6 +174,17 @@ class Chef
         :description => "Comma separated list of roles/recipes to apply",
         :proc => lambda { |o| o.split(/[\s,]+/) }
 
+      option :secret,
+        :short => "-s SECRET",
+        :long => "--secret ",
+        :description => "The secret key to use to encrypt data bag item values",
+        :proc => lambda { |s| Chef::Config[:knife][:secret] = s }
+
+      option :secret_file,
+        :long => "--secret-file SECRET_FILE",
+        :description => "A file containing the secret key to use to encrypt data bag item values",
+        :proc => lambda { |sf| Chef::Config[:knife][:secret_file] = sf }
+
       option :json_attributes,
         :short => "-j JSON",
         :long => "--json-attributes JSON",
@@ -181,6 +208,18 @@ class Chef
         :boolean => true,
         :default => true
 
+      option :bootstrap_protocol,
+        :long => "--bootstrap-protocol protocol",
+        :description => "protocol to bootstrap windows servers. options: winrm/ssh",
+        :proc => Proc.new { |key| Chef::Config[:knife][:bootstrap_protocol] = key },
+        :default => "winrm"
+
+      option :fqdn,
+        :long => "--fqdn FQDN",
+        :description => "Pre-defined FQDN",
+        :proc => Proc.new { |key| Chef::Config[:knife][:fqdn] = key },
+        :default => nil
+
       option :aws_user_data,
         :long => "--user-data USER_DATA_FILE",
         :short => "-u USER_DATA_FILE",
@@ -209,6 +248,30 @@ class Chef
         :description => "The EC2 server attribute to use for SSH connection",
         :default => nil
 
+    def tcp_test_winrm(ip_addr, port)
+      tcp_socket = TCPSocket.new(ip_addr, port)
+      yield
+      true
+      rescue SocketError
+        sleep 2
+        false
+      rescue Errno::ETIMEDOUT
+        false
+      rescue Errno::EPERM
+        false
+      rescue Errno::ECONNREFUSED
+        sleep 2
+        false
+      rescue Errno::EHOSTUNREACH
+        sleep 2
+        false
+      rescue Errno::ENETUNREACH
+        sleep 2
+        false
+        ensure
+        tcp_socket && tcp_socket.close
+    end
+
       def tcp_test_ssh(hostname, ssh_port)
         tcp_socket = TCPSocket.new(hostname, ssh_port)
         readable = IO.select([tcp_socket], nil, nil, 5)
@@ -224,10 +287,60 @@ class Chef
         false
       rescue Errno::EPERM, Errno::ETIMEDOUT
         false
+      # This happens on some mobile phone networks
+      rescue Errno::ECONNRESET
+        sleep 2
+        false
       ensure
         tcp_socket && tcp_socket.close
       end
 
+      def decrypt_admin_password(encoded_password, key)
+        require 'base64'
+        require 'openssl'
+        private_key = OpenSSL::PKey::RSA.new(key)
+        encrypted_password = Base64.decode64(encoded_password)
+        password = private_key.private_decrypt(encrypted_password)
+        password
+      end
+
+      def check_windows_password_available(server_id)
+        response = connection.get_password_data(server_id)
+        if not response.body["passwordData"]
+          return false
+        end
+        response.body["passwordData"]
+      end
+
+      def windows_password
+        if not locate_config_value(:winrm_password)
+          if locate_config_value(:identity_file)
+            print "\n#{ui.color("Waiting for Windows Admin password to be available", :magenta)}"
+            print(".") until check_windows_password_available(@server.id) {
+              sleep 1000 #typically is available after 30 mins
+              puts("done")
+            }
+            response = connection.get_password_data(@server.id)
+            data = File.read(locate_config_value(:identity_file))
+            config[:winrm_password] = decrypt_admin_password(response.body["passwordData"], data)
+          else
+            ui.error("Cannot find SSH Identity file, required to fetch dynamically generated password")
+            exit 1
+          end
+        else
+          locate_config_value(:winrm_password)
+        end
+      end
+
+      def load_winrm_deps
+        require 'winrm'
+        require 'em-winrm'
+        require 'chef/knife/winrm'
+        require 'chef/knife/bootstrap_windows_winrm'
+        require 'chef/knife/bootstrap_windows_ssh'
+        require 'chef/knife/core/windows_bootstrap_context'
+      end
+
       def run
         $stdout.sync = true
 
@@ -248,6 +361,8 @@ class Chef
           hashed_tags["Name"] = locate_config_value(:chef_node_name) || @server.id
         end
 
+        printed_tags = hashed_tags.map{ |tag, val| "#{tag}: #{val}" }.join(", ")
+
         msg_pair("Instance ID", @server.id)
         msg_pair("Flavor", @server.flavor_id)
         msg_pair("Image", @server.image_id)
@@ -266,7 +381,9 @@ class Chef
         printed_security_group_ids = @server.security_group_ids.join(", ") if @server.security_group_ids
         msg_pair("Security Group Ids", printed_security_group_ids) if vpc_mode? or @server.security_group_ids
 
-        msg_pair("Tags", hashed_tags)
+        msg_pair("IAM Profile", locate_config_value(:iam_instance_profile))
+
+        msg_pair("Tags", printed_tags)
         msg_pair("SSH Key", @server.key_name)
 
         print "\n#{ui.color("Waiting for instance", :magenta)}"
@@ -277,7 +394,7 @@ class Chef
         puts("\n")
 
         # occasionally 'ready?' isn't, so retry a couple times if needed.
-        tries = 6 
+        tries = 6
         begin
           create_tags(hashed_tags) unless hashed_tags.empty?
           associate_eip(elastic_ip) if config[:associate_eip]
@@ -300,21 +417,44 @@ class Chef
         end
         msg_pair("Private IP Address", @server.private_ip_address)
 
-        print "\n#{ui.color("Waiting for sshd", :magenta)}"
 
-        wait_for_sshd(ssh_connect_host)
-
-        bootstrap_for_node(@server,ssh_connect_host).run
+        #Check if Server is Windows or Linux
+        if is_image_windows?
+          protocol = locate_config_value(:bootstrap_protocol)
+          # Set distro to windows-chef-client-msi
+          config[:distro] = "windows-chef-client-msi" if (config[:distro].nil? || config[:distro] == "chef-full")
+          if protocol == 'winrm'
+            load_winrm_deps
+            print "\n#{ui.color("Waiting for winrm", :magenta)}"
+            print(".") until tcp_test_winrm(ssh_connect_host, locate_config_value(:winrm_port)) {
+              sleep 10
+              puts("done")
+            }
+          else
+            print "\n#{ui.color("Waiting for sshd", :magenta)}"
+            #If FreeSSHd, winsshd etc are available
+            print(".") until tcp_test_ssh(ssh_connect_host, config[:ssh_port]) {
+              sleep @initial_sleep_delay ||= (vpc_mode? ? 40 : 10)
+              puts("done")
+            }
+          end
+          bootstrap_for_windows_node(@server,ssh_connect_host).run
+        else
+            wait_for_sshd(ssh_connect_host)
+            bootstrap_for_linux_node(@server,ssh_connect_host).run
+        end
 
         puts "\n"
         msg_pair("Instance ID", @server.id)
         msg_pair("Flavor", @server.flavor_id)
+        msg_pair("Placement Group", @server.placement_group) unless @server.placement_group.nil?
         msg_pair("Image", @server.image_id)
         msg_pair("Region", connection.instance_variable_get(:@region))
         msg_pair("Availability Zone", @server.availability_zone)
         msg_pair("Security Groups", printed_security_groups) unless vpc_mode? or (@server.groups.nil? and @server.security_group_ids)
         msg_pair("Security Group Ids", printed_security_group_ids) if vpc_mode? or @server.security_group_ids
-        msg_pair("Tags", hashed_tags)
+        msg_pair("IAM Profile", locate_config_value(:iam_instance_profile)) if locate_config_value(:iam_instance_profile)
+        msg_pair("Tags", printed_tags)
         msg_pair("SSH Key", @server.key_name)
         msg_pair("Root Device Type", @server.root_device_type)
         if @server.root_device_type == "ebs"
@@ -349,29 +489,74 @@ class Chef
         msg_pair("JSON Attributes",config[:json_attributes]) unless !config[:json_attributes] || config[:json_attributes].empty?
       end
 
-      def bootstrap_for_node(server,ssh_host)
+      def bootstrap_common_params(bootstrap)
+        bootstrap.config[:run_list] = config[:run_list]
+        bootstrap.config[:bootstrap_version] = locate_config_value(:bootstrap_version)
+        bootstrap.config[:distro] = locate_config_value(:distro)
+        bootstrap.config[:template_file] = locate_config_value(:template_file)
+        bootstrap.config[:environment] = locate_config_value(:environment)
+        bootstrap.config[:prerelease] = config[:prerelease]
+        bootstrap.config[:first_boot_attributes] = locate_config_value(:json_attributes) || {}
+        bootstrap.config[:encrypted_data_bag_secret] = locate_config_value(:encrypted_data_bag_secret)
+        bootstrap.config[:encrypted_data_bag_secret_file] = locate_config_value(:encrypted_data_bag_secret_file)
+        bootstrap.config[:secret] = locate_config_value(:secret)
+        bootstrap.config[:secret_file] = locate_config_value(:secret_file)
+        # Modify global configuration state to ensure hint gets set by
+        # knife-bootstrap
+        Chef::Config[:knife][:hints] ||= {}
+        Chef::Config[:knife][:hints]["ec2"] ||= {}
+        bootstrap
+      end
+
+      def fetch_server_fqdn(ip_addr)
+          require 'resolv'
+          Resolv.getname(ip_addr)
+      end
+
+      def bootstrap_for_windows_node(server, fqdn)
+        if locate_config_value(:bootstrap_protocol) == 'winrm'
+            if locate_config_value(:kerberos_realm)
+              #Fetch AD/WINS based fqdn if any for Kerberos-based Auth
+              fqdn = locate_config_value(:fqdn) || fetch_server_fqdn(server.private_ip_address)
+            end
+            bootstrap = Chef::Knife::BootstrapWindowsWinrm.new
+            bootstrap.config[:winrm_user] = locate_config_value(:winrm_user)
+            bootstrap.config[:winrm_password] = windows_password
+            bootstrap.config[:winrm_transport] = locate_config_value(:winrm_transport)
+            bootstrap.config[:kerberos_keytab_file] = locate_config_value(:kerberos_keytab_file)
+            bootstrap.config[:kerberos_realm] = locate_config_value(:kerberos_realm)
+            bootstrap.config[:kerberos_service] = locate_config_value(:kerberos_service)
+            bootstrap.config[:ca_trust_file] = locate_config_value(:ca_trust_file)
+            bootstrap.config[:winrm_port] = locate_config_value(:winrm_port)
+
+        elsif locate_config_value(:bootstrap_protocol) == 'ssh'
+            bootstrap = Chef::Knife::BootstrapWindowsSsh.new
+            bootstrap.config[:ssh_user] = locate_config_value(:ssh_user)
+            bootstrap.config[:ssh_password] = locate_config_value(:ssh_password)
+            bootstrap.config[:ssh_port] = locate_config_value(:ssh_port)
+            bootstrap.config[:identity_file] = locate_config_value(:identity_file)
+            bootstrap.config[:no_host_key_verify] = locate_config_value(:no_host_key_verify)
+        else
+            ui.error("Unsupported Bootstrapping Protocol. Supported : winrm, ssh")
+            exit 1
+        end
+        bootstrap.name_args = [fqdn]
+        bootstrap.config[:chef_node_name] = config[:chef_node_name] || server.id
+        bootstrap_common_params(bootstrap)
+      end
+
+      def bootstrap_for_linux_node(server,ssh_host)
         bootstrap = Chef::Knife::Bootstrap.new
         bootstrap.name_args = [ssh_host]
-        bootstrap.config[:run_list] = locate_config_value(:run_list) || []
         bootstrap.config[:ssh_user] = config[:ssh_user]
         bootstrap.config[:ssh_port] = config[:ssh_port]
         bootstrap.config[:ssh_gateway] = config[:ssh_gateway]
         bootstrap.config[:identity_file] = config[:identity_file]
         bootstrap.config[:chef_node_name] = locate_config_value(:chef_node_name) || server.id
-        bootstrap.config[:prerelease] = config[:prerelease]
-        bootstrap.config[:bootstrap_version] = locate_config_value(:bootstrap_version)
-        bootstrap.config[:first_boot_attributes] = locate_config_value(:json_attributes) || {}
-        bootstrap.config[:distro] = locate_config_value(:distro) || "chef-full"
         bootstrap.config[:use_sudo] = true unless config[:ssh_user] == 'root'
-        bootstrap.config[:template_file] = locate_config_value(:template_file)
-        bootstrap.config[:environment] = config[:environment]
         # may be needed for vpc_mode
         bootstrap.config[:host_key_verify] = config[:host_key_verify]
-        # Modify global configuration state to ensure hint gets set by
-        # knife-bootstrap
-        Chef::Config[:knife][:hints] ||= {}
-        Chef::Config[:knife][:hints]["ec2"] ||= {}
-        bootstrap
+        bootstrap_common_params(bootstrap)
       end
 
       def vpc_mode?
@@ -440,6 +625,8 @@ class Chef
         }
         server_def[:subnet_id] = locate_config_value(:subnet_id) if vpc_mode?
         server_def[:private_ip_address] = locate_config_value(:private_ip_address) if vpc_mode?
+        server_def[:placement_group] = locate_config_value(:placement_group)
+        server_def[:iam_instance_profile_name] = locate_config_value(:iam_instance_profile)
 
         if Chef::Config[:knife][:aws_user_data]
           begin