knife-windows 1.0.0 → 1.1.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +6 -0
- data/DOC_CHANGES.md +9 -328
- data/RELEASE_NOTES.md +12 -60
- data/lib/chef/knife/bootstrap_windows_base.rb +13 -0
- data/lib/chef/knife/bootstrap_windows_winrm.rb +1 -1
- data/lib/chef/knife/core/windows_bootstrap_context.rb +2 -1
- data/lib/chef/knife/winrm_knife_base.rb +2 -2
- data/lib/chef/knife/winrm_session.rb +2 -0
- data/lib/chef/knife/wsman_test.rb +1 -2
- data/lib/knife-windows/version.rb +1 -1
- data/spec/assets/win_template_rendered_with_bootstrap_install_command_on_12_5_client.txt +217 -0
- data/spec/assets/win_template_rendered_without_bootstrap_install_command_on_12_5_client.txt +329 -0
- data/spec/functional/bootstrap_download_spec.rb +21 -4
- data/spec/unit/knife/bootstrap_options_spec.rb +0 -4
- data/spec/unit/knife/bootstrap_windows_winrm_spec.rb +3 -0
- data/spec/unit/knife/winrm_session_spec.rb +18 -0
- metadata +6 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 81d9379be8e11c9b0cb2bf4fa2d47271a6f135b1
|
4
|
+
data.tar.gz: aa5ea98e4e3b3c76df720bffeff00a520e0256a0
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 781cf47a85296df881f58a66190f01b8bdf8076914d162f116a01d93a194fc27b1e7c9967580773a4d5bd7c59c30af667fc7199489bd883afe014f2a777b2f83
|
7
|
+
data.tar.gz: 4144ac2c72d6a64ad36afed9fffdca77eb8ef2dc04e39a3a4a6caa7796874ac91660c9972b89fd829c70a9055dd3833e0cad2e0928e91844362d5c5d02d88145
|
data/CHANGELOG.md
CHANGED
@@ -1,5 +1,11 @@
|
|
1
1
|
# knife-windows Change Log
|
2
2
|
|
3
|
+
## Release 1.1.0
|
4
|
+
* [https://github.com/chef/knife-windows/pull/302](Address regression caused by chef client 12.5 environment argument)
|
5
|
+
* [https://github.com/chef/knife-windows/issues/295](Bootstrap missing policy_group, policy_name feature from Chef Client 12.5)
|
6
|
+
* [https://github.com/chef/knife-windows/issues/296](Installing knife-windows produces warning for _all_ knife commands in Mac OS X with ChefDK 0.8.0)
|
7
|
+
* [https://github.com/chef/knife-windows/pull/297](use configured proxy settings for all winrm sessions)
|
8
|
+
|
3
9
|
## Release 1.0.0
|
4
10
|
|
5
11
|
* [knife-windows #281](https://github.com/chef/knife-windows/pull/281) Prevent unencrypted negotiate auth, automatically prefix local usernames with '.' for negotiate
|
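Review bot: The four new entries under `## Release 1.1.0` have the Markdown link parts reversed, `[URL](text)`, so the URL becomes the link label and the description becomes a broken target. Follow the form of the existing 1.0.0 entry below them, for example `[knife-windows #302](https://github.com/chef/knife-windows/pull/302) Address regression caused by chef client 12.5 environment argument`.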
data/DOC_CHANGES.md
CHANGED
@@ -5,335 +5,16 @@ Example Doc Change:
|
|
5
5
|
### Headline for the required change
|
6
6
|
Description of the required change.
|
7
7
|
-->
|
8
|
-
# knife-windows 1.
|
8
|
+
# knife-windows 1.1.0 doc changes
|
9
9
|
|
10
|
-
###
|
11
|
-
The following commands enable alternate ways to download and install
|
12
|
-
Chef Client during bootstrap:
|
10
|
+
### Support for `http_proxy` setting for `winrm` and `bootstrap windows winrm` subcommands
|
13
11
|
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
location for instance.
|
18
|
-
* `--install-as-service`: Optional. Install chef-client as a Windows service
|
19
|
-
* `--bootstrap-install-command`: Optional. Instead of downloading Chef
|
20
|
-
Client and installing it using a default installation command,
|
21
|
-
bootstrap will invoke this command. If an image already has
|
22
|
-
Chef Client installed, this command can be specified as empty
|
23
|
-
(`''`), in which case no installation will be done and the rest of
|
24
|
-
bootstrap will proceed as if it's already installed.
|
12
|
+
Both the `knife winrm` and `knife bootstrap windows winrm` subcommands
|
13
|
+
will honor the `http_proxy` configuration in the `knife.rb`
|
14
|
+
configuration file.
|
25
15
|
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
(configured by the `winrm_transport` option) is SSL, otherwise it is **5985**.
|
31
|
-
These defaults correspond to the port assignment conventions for the WinRM
|
32
|
-
protocol, which is also honored by WinRM tools built-in to Windows such as the
|
33
|
-
`winrs` tool.
|
16
|
+
When this setting is configured, the `WinRM` traffic between the
|
17
|
+
workstation executing `knife` and the remote node will flow through
|
18
|
+
the proxy server configured with `http_proxy`. See the specific
|
19
|
+
documentation for `http_proxy` for additional details.
|
34
20
|
|
35
|
-
In previous releases, the default port was always 5985, regardless of the
|
36
|
-
transport being used. To override the default, specify the `winrm_port`
|
37
|
-
(`-p`) option and specify the desired port as the option's value.
|
38
|
-
|
39
|
-
### WinRM authentication protocol defaults to `negotiate` regardless of name formats
|
40
|
-
Unless explicitly overridden using the new `winrm_authentication_protocol`
|
41
|
-
option, `knife-windows` subcommands that use WinRM will authenticate using the
|
42
|
-
negotiate protocol, just as the tools built-in to the Windows operating
|
43
|
-
system would do.
|
44
|
-
|
45
|
-
Previously, `knife-windows` would use basic authentication, unless the
|
46
|
-
username specified to the `winrm_user` option had the format `domain\user`,
|
47
|
-
and in that case `knife-windows` would use negotiate authentication.
|
48
|
-
|
49
|
-
To override the new behavior, specify the `winrm_authentication_protocol`
|
50
|
-
option with a value of either the `basic` or `kerberos` to choose a different
|
51
|
-
authentication protocol.
|
52
|
-
|
53
|
-
### New `:winrm_authentication_protocol` option
|
54
|
-
|
55
|
-
This option allows the authentication protocol used for WinRM communication to
|
56
|
-
be explicitly specified. The supported protocol values are `kerberos`, `negotiate`,
|
57
|
-
and `basic`, each of which directs `knife-windows` to use the respective authentication protocols.
|
58
|
-
|
59
|
-
If the option is not specified, `knife-windows` treats this as a default value
|
60
|
-
of `negotiate` and the tool uses negotiate authentication for WinRM.
|
61
|
-
|
62
|
-
### New `:winrm_ssl_verify_mode` option
|
63
|
-
When running the `winrm` and `bootstrap windows` subcommands with the
|
64
|
-
`winrm_transport` option set to `ssl` to communicate with a remote Windows system using
|
65
|
-
the WinRM protocol via the SSL transport, you may disable `knife`'s verification of
|
66
|
-
the remote system's SSL certificate. This is useful for testing or
|
67
|
-
troubleshooting SSL connectivity before you've verified the certificate of the remote system's SSL WinRM listener.
|
68
|
-
|
69
|
-
The option that controls whether the server is validated is the
|
70
|
-
`knife[:winrm_verify_ssl_mode]` option, which has the same values as Chef's
|
71
|
-
[`:ssl_verify_mode`](https://docs.getchef.com/config_rb_client.html#settings) option. By default, the option is set to `:verify_peer`,
|
72
|
-
which means that SSL communication must be verified using a certificate file
|
73
|
-
specified by the `:ca_trust_file` option. To avoid the need to have this file available
|
74
|
-
during testing, you can specify the `knife[:winrm_ssl_verify_mode]` option in
|
75
|
-
`knife.rb` OR specify it directly on the `knife` command line as
|
76
|
-
`--winrm-ssl-verify-mode` and set its value to `:verify_none`, which will
|
77
|
-
override the default behavior and skip the verification of the remote system
|
78
|
-
-- there is no need to specify the `:ca_trust_file` option in this case.
|
79
|
-
|
80
|
-
Here's an example that disables peer verification:
|
81
|
-
|
82
|
-
knife winrm -m 192.168.0.6 -x 'mydomain\myuser' -P "$PASSWORDVAR" -t ssl --winrm-ssl-verify-mode verify_none ipconfig
|
83
|
-
|
84
|
-
This option should be used carefully since disabling the verification of the
|
85
|
-
remote system's certificate can subject knife commands to spoofing attacks.
|
86
|
-
|
87
|
-
### New subcommands to automate WinRM SSL listener configuration
|
88
|
-
The WinRM protocol may be encapsulated by SSL, but the configuration of such
|
89
|
-
connections can be difficult, particularly when the WinRM client is a
|
90
|
-
non-Windows system. Three new knife subcommands have been implemented in
|
91
|
-
knife-windows 1.0.0.rc.0 to simplify and automate this configuration:
|
92
|
-
|
93
|
-
* `knife windows cert generate` subcommand:
|
94
|
-
Generates certificates in formats useful for creating WinRM SSL listeners.
|
95
|
-
It also generates a related public key file in .pem format to validating
|
96
|
-
communication involving listeners configured with the generated certificate.
|
97
|
-
* `knife windows cert install` subcommand:
|
98
|
-
Installs a certificate such as one generated by the `cert generate`
|
99
|
-
subcommand into the Windows certificate store so that it can be used as the
|
100
|
-
SSL certificate for a WinRM listener. This command will only function on the
|
101
|
-
Windows operating system. Certificates are always installed in the
|
102
|
-
computer's personal store, i.e. the store that can be viewed via the
|
103
|
-
PowerShell command `ls Cert:\LocalMachine\My`.
|
104
|
-
* `knife windows listener create` subcommand:
|
105
|
-
Creates a WinRM listener on a Windows system. This command functions only on
|
106
|
-
the Windows operating system.
|
107
|
-
|
108
|
-
#### Example WinRM listener configuration workflows
|
109
|
-
|
110
|
-
The subcommands are used in the following scenarios
|
111
|
-
|
112
|
-
##### Creation of a new listener with a new SSL certificate
|
113
|
-
|
114
|
-
This workflow assumes that WinRM is enabled on the system, which can be
|
115
|
-
accomplished with the command
|
116
|
-
|
117
|
-
winrm quickconfig
|
118
|
-
|
119
|
-
If you're creating a listener and don't already have an SSL certificate with
|
120
|
-
which to configure it, you can quickly create an enabled listener with a short
|
121
|
-
sequence of commands. The example below assumes that the `knife-windows`
|
122
|
-
plugin is being executed on a Windows system via the PowerShell command shell,
|
123
|
-
and that the system is registered with the relevant DNS with the name
|
124
|
-
`mysystem.myorg.org` and that this is the name with which the user would like
|
125
|
-
to remotely access this system.
|
126
|
-
|
127
|
-
This sequence of commands creates a listener -- it assumes the existence of the directory `winrmcerts`
|
128
|
-
under the user's profile directory:
|
129
|
-
|
130
|
-
knife windows cert generate --domain myorg.org --output-file $env:userprofile/winrmcerts/winrm-ssl
|
131
|
-
knife windows listener create --hostname *.myorg.org --cert-install $env:userprofile/winrmcerts/winrm-ssl.pfx
|
132
|
-
|
133
|
-
The first command, `cert generate`, may be executed on any computer (even one not running the
|
134
|
-
Windows operating system) and produces three files. The first two are certificates containing
|
135
|
-
private keys that should be stored securely. The 3rd is a `.pem` file
|
136
|
-
containing the public key required to validate the server. This file may be
|
137
|
-
shared. The command also outputs the thumbprint of the generated certificate,
|
138
|
-
which is useful for finding the certificate in a certificate store or using
|
139
|
-
with other commands that require the thumbprint.
|
140
|
-
|
141
|
-
The next command, `listener create`, creates the SSL listener -- if it is executed on a different
|
142
|
-
system than that which generated the certificates, the required certificate
|
143
|
-
file **must** be transferred securely to the system on which the listener will
|
144
|
-
be created. It requires a PKCS12 `.pfx` file for the `--cert-install` argument
|
145
|
-
which is one of the files generated by the previous `cert generate` command.
|
146
|
-
|
147
|
-
After these commands are executed, an SSL listener will be created listening
|
148
|
-
on TCP port 5986, the default WinRM SSL port. Using PowerShell, the following
|
149
|
-
command will show this and other listeners on the system:
|
150
|
-
|
151
|
-
ls wsman:\localhost\listener
|
152
|
-
|
153
|
-
As an alternative to the command sequence above, the `cert install` command could be used to install the
|
154
|
-
certificate in a separate step, i which case the `--cert-install` option must
|
155
|
-
be replaced with the `--cert-thumbprint` option to use the generated
|
156
|
-
certificate's thumbprint to identify the certificate with which the listener
|
157
|
-
should be configured:
|
158
|
-
|
159
|
-
knife windows cert generate --domain myorg.org --output-file $env:userprofile/winrmcerts/winrm-ssl
|
160
|
-
knife windows cert install $env:userprofile/winrmcerts/winrm-ssl
|
161
|
-
knife windows listener create --hostname *.myorg.org --cert-thumbprint 1F3A70E2601FA1576BC4850ED2D7EF6587076423
|
162
|
-
|
163
|
-
The system would then be in the same state as that after the original shorter
|
164
|
-
command sequence.
|
165
|
-
|
166
|
-
Note that the `cert install` command could be skipped if the certificate
|
167
|
-
already exists in the personal certificate store of the computer. To view that store and
|
168
|
-
see the thumbprints of certificates that could be used with the `listener
|
169
|
-
create` command to create an SSL listener, the following PowerShell command
|
170
|
-
may be executed:
|
171
|
-
|
172
|
-
ls Cert:\LocalMachine\My
|
173
|
-
|
174
|
-
##### Connecting to a configured SSL listeners
|
175
|
-
|
176
|
-
In order to connect securely to the configured SSL listener via the `knife
|
177
|
-
winrm` or `knife bootstrap windows winrm` subcommands, the workstation running
|
178
|
-
`knife` must have a `.pem` file that contains the listener's public key, such
|
179
|
-
as the one generated by `knife windows cert generate`. If the file was
|
180
|
-
generated from a different system than the one initiating the connection with
|
181
|
-
the listener, it must be transferred securely to the initiating system.
|
182
|
-
|
183
|
-
For example, assume the file `./winrmcerts/myserver.pem` was securely
|
184
|
-
copied from another system on which the `cert generate` command originally
|
185
|
-
produced the file. Now it can be used against a system with the appropriately
|
186
|
-
configured listener as follows:
|
187
|
-
|
188
|
-
knife winrm -f ./winrmcerts/myserver.pem -m myserver.myorg.com -t ssl ipconfig -x 'my_ad_domain\myuser' -P "$PASSWORDVAR"
|
189
|
-
|
190
|
-
This will send the output of the Windows command `ipconfig` on the remote
|
191
|
-
system. The argument to the `-f` option is the public key for the listener so
|
192
|
-
that the listener's authenticity can be validated. The specified key
|
193
|
-
can simply be a copy of the `.pem` file generated by the `cert generate` subcommand if
|
194
|
-
that was used to create the certificates for the listener. The user
|
195
|
-
`my_ad_domain\myuser` in the example is a user in the Windows Active Directory
|
196
|
-
domain `my_ad_domain`.
|
197
|
-
|
198
|
-
Alternatively, the [`knife ssl fetch`](https://docs.chef.io/knife_ssl_fetch.html) command can be used to retrieve the
|
199
|
-
public key for the listener by simply reading it from the listener, though this command *must* be executed under
|
200
|
-
conditions where the connection to the server is considered secure:
|
201
|
-
|
202
|
-
knife ssl fetch https://myserver.myorg.org:5986/wsman
|
203
|
-
knife winrm -f ./.chef/trusted_certs/wildcard_myorg_org.crt -m myserver.myorg.com -t ssl ipconfig -x 'my_ad_domain\myuser' -P "$PASSWORDVAR"
|
204
|
-
|
205
|
-
In the `fetch` subcommand, the URL specified for testing WinRM connectivity to
|
206
|
-
a given server SERVER on port PORT takes the form `https://SERVER:PORT/wsman`,
|
207
|
-
hence the url specified above to retrieve the key for `myserver.myorg.org`.
|
208
|
-
The command also outputs the location to which the key was retrieved, which
|
209
|
-
can then be used as input to a subsequent `knife winrm` command.
|
210
|
-
|
211
|
-
For that `knife winrm` command in the example, the argument to the `-f` option is again the public key -- this time its value
|
212
|
-
of `./.chef/trusted_certs/wildcard_myorg_org.crt` is the file system location to which
|
213
|
-
`knife ssl fetch` retrieved the public key.
|
214
|
-
|
215
|
-
#### Testing WinRM SSL configuration
|
216
|
-
|
217
|
-
The techniques below are useful for validating a WinRM listener's configuration -- all
|
218
|
-
examples below assume there is a WinRM SSL listener configured on a remote Windows
|
219
|
-
system `winserver.myoffice.com` on the default WinRM port of 5986 and this is
|
220
|
-
the server being tested.
|
221
|
-
|
222
|
-
##### PowerShell's `test-wsman` cmdlet
|
223
|
-
If you have access to a workstation running
|
224
|
-
the Windows 8 or Windows Server 2012 or later versions of the Windows
|
225
|
-
operating systems, you can use the `test-wsman` command to validate the
|
226
|
-
configuration of a listener on a remote system `winserver.myoffice.com`:
|
227
|
-
|
228
|
-
1. On the Windows workstation client (not the system with the listener),
|
229
|
-
install the .pfx public key certificate for the listener using
|
230
|
-
certmgr.msc. This should be installed in the personal store under *"Trusted
|
231
|
-
Root Certification Authorities"*.
|
232
|
-
2. Start PowerShell, and use it to run this command:
|
233
|
-
`test-wsman -ComputerName winserver.myoffice.com -UseSSL`
|
234
|
-
|
235
|
-
If the command executes without error, the ssl configuration is correct.
|
236
|
-
|
237
|
-
##### End to end SSL testing with `knife winrm`
|
238
|
-
|
239
|
-
To validate that SSL is enabled for the listener without validating the
|
240
|
-
server's certificate, the `--winrm-ssl-verify-mode` option of the `winrm`
|
241
|
-
subcommand can be used:
|
242
|
-
|
243
|
-
knife winrm -m winserver.myoffice.com -t ssl --winrm-ssl-verify-mode verify_none ipconfig -x 'my_ad_domain\myuser' -P "$PASSWORDVAR"
|
244
|
-
|
245
|
-
If this succeeds, then any failures to execute the command when correctly
|
246
|
-
validating the server, i.e. when specifying the `-f` parameter, are due to
|
247
|
-
certificate configuration issues, not other connectivity or authentication
|
248
|
-
problems.
|
249
|
-
|
250
|
-
##### The winrs tool
|
251
|
-
|
252
|
-
The `winrs` tool is built into Windows, so if a Windows system is available,
|
253
|
-
`winrs` may be used to troubleshoot. It takes parameters analogous to those of
|
254
|
-
`knife winrm` and differences in success and failure between the two tools may
|
255
|
-
indicate areas to investigate.
|
256
|
-
|
257
|
-
Visit Microsoft's documentation for [`winrs`](https://technet.microsoft.com/en-us/library/hh875630.aspx) to learn more about the tool.
|
258
|
-
|
259
|
-
### Troubleshooting WinRM authentication issues
|
260
|
-
|
261
|
-
Authentication issues can be debugged by loosening the authentication
|
262
|
-
requirements on the server and explicitly using
|
263
|
-
`--winrm-authentication-protocol` option for `knife winrm` to attempt to
|
264
|
-
connect. As an example, the following PowerShell commands on the server will allow basic authentication
|
265
|
-
and unencrypted communication:
|
266
|
-
|
267
|
-
si wsman:\localhost\service\allowunencrypted $true
|
268
|
-
# Don't set the following if attempting domain authentication
|
269
|
-
si wsman:\localhost\service\auth\basic $true
|
270
|
-
|
271
|
-
From the client, `knife winrm` can be instructed to explicitly allow basic
|
272
|
-
authentication when validating authentication using a non-domain (i.e. local)
|
273
|
-
account:
|
274
|
-
|
275
|
-
# For testing a local account
|
276
|
-
knife winrm -m winserver.myoffice.com --winrm-authentication-protocol basic ipconfig -x 'localuser' -P "$PASSWORDVAR" -VV
|
277
|
-
|
278
|
-
# For testing a domain account
|
279
|
-
knife winrm -m winserver.myoffice.com --winrm-authentication-protocol negotiate ipconfig -x 'localuser' -P "$PASSWORDVAR" -VV
|
280
|
-
|
281
|
-
If the listener is an SSL listener, the additional arguments `-t ssl
|
282
|
-
--winrm-ssl-verify-mode verify_none` should be supplied to enable SSL
|
283
|
-
communication and disable peer verification for testing. The specification of
|
284
|
-
`-VV` enables additional detailed debug output that can provide clues to the
|
285
|
-
root cause of any failures.
|
286
|
-
|
287
|
-
If the command fails, there is either a connectivity issue or a problem with
|
288
|
-
an incorrect or expired password or disabled account.
|
289
|
-
|
290
|
-
If the command succeeds, try the following
|
291
|
-
|
292
|
-
si wsman:\localhost\service\allowunencrypted $false
|
293
|
-
|
294
|
-
Then retry the earlier `knife winrm` command. If it fails, this may indicate
|
295
|
-
an issue with your operating system's ability to encrypt traffic, particularly
|
296
|
-
when using the `plaintext` transport, i.e. when not using the `SSL` transport.
|
297
|
-
In that case, the Windows platform supports encryption of plaintext traffic
|
298
|
-
through native Windows authentication protocols, but such support is often incomplete on other platforms.
|
299
|
-
|
300
|
-
If the command succeeds, then there may be a more subtle issue with negotiate
|
301
|
-
authentication. It may be necessary to explicitly specify a domain in the user
|
302
|
-
name parameter (e.g. `mydomain\myuser` rather than just `user`) for instance,
|
303
|
-
or a specified domain may actually be incorrect and something that should be omitted.
|
304
|
-
|
305
|
-
### Platform WinRM authentication support
|
306
|
-
|
307
|
-
`knife-windows` supports `Kerberos`, `Negotiate`, and `Basic` authentication
|
308
|
-
for WinRM communication. However, some of these protocols
|
309
|
-
may not work with `knife-windows` on non-Windows systems because
|
310
|
-
`knife-windows` relies on operating system libraries such as GSSAPI to implement
|
311
|
-
Windows authentication, and some versions of these libraries do not
|
312
|
-
fully implement the protocols.
|
313
|
-
|
314
|
-
The following table shows the authentication protocols that can be used with
|
315
|
-
`knife-windows` depending on whether the knife workstation is a Windows
|
316
|
-
system, the transport, and whether or not the target user is a domain user or
|
317
|
-
local to the target Windows system.
|
318
|
-
|
319
|
-
| Workstation OS / Account Scope | SSL | Plaintext |
|
320
|
-
|--------------------------------|------------------------------|----------------------------|
|
321
|
-
| Windows / Local | Kerberos, Negotiate* , Basic | Kerberos, Negotiate, Basic |
|
322
|
-
| Windows / Domain | Kerberos, Negotiate | Kerberos, Negotiate |
|
323
|
-
| Non-Windows / Local | Kerberos, [Negotiate*](https://github.com/chef/knife-windows/issues/176) Basic | Kerberos, Basic |
|
324
|
-
| Non-Windows / Domain | Kerberos, Negotiate | Kerberos |
|
325
|
-
|
326
|
-
> \* There is a known defect in the `knife winrm` and `knife bootstrap windows
|
327
|
-
> winrm` subcommands invoked on any OS platform when authenticating with the Negotiate protocol over
|
328
|
-
> the SSL transport. The defect is tracked by
|
329
|
-
> [knife-windows issue #176](https://github.com/chef/knife-windows/issues/176): If the remote system is
|
330
|
-
> domain-joined, local accounts may not be used to authenticate via Negotiate
|
331
|
-
> over SSL -- only domain accounts will work. Local accounts will only
|
332
|
-
> successfully authenticate if the system is not joined to a domain.
|
333
|
-
>
|
334
|
-
> This is generally not an issue for bootstrap scenarios, where the
|
335
|
-
> system has yet to be joined to any domain, but can be a problem for remote
|
336
|
-
> management cases after the system is domain joined. Workarounds include using
|
337
|
-
> a domain account instead, or enabling Basic authentication on the remote
|
338
|
-
> system (unencrypted communication **does not** need to be enabled to make
|
339
|
-
> Basic authentication function over SSL).
|
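Review bot: The new `http_proxy` section says only that WinRM traffic "will flow through the proxy server" and does not state which transports this covers. This hunk also removes the 1.0.0 text on `winrm_transport`, `winrm_ssl_verify_mode` and plaintext versus SSL, so add a sentence saying whether the proxy is used for both the `plaintext` and `ssl` transports. Operators need to know what the proxy can observe when the transport is not SSL.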
data/RELEASE_NOTES.md
CHANGED
@@ -6,74 +6,26 @@ Example Note:
|
|
6
6
|
## Example Heading
|
7
7
|
Details about the thing that changed that needs to get included in the Release Notes in markdown.
|
8
8
|
-->
|
9
|
-
# knife-windows 1.
|
10
|
-
This release of knife-windows includes
|
11
|
-
|
12
|
-
|
9
|
+
# knife-windows 1.1.0 release notes:
|
10
|
+
This release of knife-windows includes an important fix for an
|
11
|
+
incompatibility issue with Chef Client 12.5 during bootstrap. If you
|
12
|
+
are running knife-windows 1.0.0, please upgrade to this version. See
|
13
|
+
the following issue for details: https://github.com/chef/knife-windows/pull/302
|
13
14
|
|
14
|
-
You can install
|
15
|
+
You can install this version using the `gem` command:
|
15
16
|
|
16
17
|
gem install knife-windows
|
17
18
|
|
18
|
-
Due to dependency conflicts, to use knife-windows 1.0.0+ with ChefDK
|
19
|
-
0.6.2, you must also upgrade chef-provisioning to 1.2.0+ and update
|
20
|
-
the line referencing chef-provisioning in
|
21
|
-
`c:\opscode\chefdk\bin\chef`. To avoid this, use ChefDk 0.7.0 or later
|
22
|
-
with this version of `knife-windows`.
|
23
|
-
|
24
|
-
chef gem install knife-windows
|
25
|
-
chef gem install chef-provisioning
|
26
|
-
|
27
19
|
## Reporting issues and contributing
|
28
|
-
|
29
20
|
`knife-windows` issues like those addressed in this release should be reported in the ticketing system at https://github.com/chef/knife-windows/issues. You can learn more about how to contribute features and bug fixes to `knife-windows` in the [Chef Contributions document](http://docs.chef.io/community_contributions.html).
|
30
21
|
|
31
|
-
##
|
32
|
-
|
33
|
-
|
34
|
-
|
35
|
-
communication is negotiate, which is the same as that for tools built-in to
|
36
|
-
the Windows operating system. Prior to this release, the protocol depended
|
37
|
-
on the format of the `--winrm-user` option -- the basic authentication
|
38
|
-
protocol would be assumed unless that option had the format `domain\user`.
|
39
|
-
|
40
|
-
To revert to the behavior of previous releases or otherwise force `knife-windows` to use a specific authentication protocol such as
|
41
|
-
basic, use the `--winrm-authentication-protocol` option.
|
42
|
-
|
43
|
-
### Default WinRM port depends on the transport
|
44
|
-
The default port for WinRM communication is now **5986** when the SSL transport is used (the transport is
|
45
|
-
configured by the `winrm_transport` option), otherwise it is **5985**. In
|
46
|
-
previous releases, if the port was not specified, it was always 5985.
|
47
|
-
|
48
|
-
To override this behavior, explicitly specify the desired port using the
|
49
|
-
`winrm_port` (`-p`) option.
|
50
|
-
|
51
|
-
### Kerberos Keytab short option is now -T
|
52
|
-
The short option flag for --keytab-file is now -T to fix a conflict with the --identity-file option.
|
53
|
-
|
54
|
-
## Features added in knife-windows 1.0.0
|
55
|
-
* New `--winrm-authentication-protocol` option for explicit control of WinRM authentication
|
56
|
-
* `knife windows cert generate` subcommand:
|
57
|
-
Generates a certificate and related public key file for use in configuring a WinRM listener and validating communication involving it.
|
58
|
-
* `knife windows cert install` subcommand:
|
59
|
-
Installs a certificate such as one generated by the `cert generate`
|
60
|
-
subcommand into the Windows certificate store's LocalMachine personal store
|
61
|
-
so that it can be used as part of the configuration for a WinRM SSL listener
|
62
|
-
* `knife windows listener create` subcommand:
|
63
|
-
Creates a WinRM SSL listener on a Windows system
|
64
|
-
* Added `--hint` option for creating Ohai hints on bootstrap
|
65
|
-
* Validatorless bootstrapping is now supported
|
66
|
-
* New `--bootstrap-install-command` option allows an alternate command
|
67
|
-
to be used to install Chef Client
|
68
|
-
* New `--install-as-service` option will have Chef Client be installed
|
69
|
-
as a Windows service on bootstrap
|
70
|
-
* Added `--msi_url` option for providing an alternate URL to the Chef Client installation package
|
71
|
-
* `knife wsman test` subcommand:
|
72
|
-
Verifies winrm functionality on a remote system, e.g. `knife wsman
|
73
|
-
test 192.168.1.10 -m --winrm-transport ssl`
|
22
|
+
## New features -- proxy support for WinRM
|
23
|
+
The `winrm` and `bootstrap windows winrm` subcommands now honor the
|
24
|
+
proxy server configured via the `http_proxy` setting in `knife.rb` for
|
25
|
+
WinRM traffic.
|
74
26
|
|
75
|
-
## Issues fixed in knife-windows 1.
|
76
|
-
See the [knife-windows 1.
|
27
|
+
## Issues fixed in knife-windows 1.1.0
|
28
|
+
See the [knife-windows 1.1.0 CHANGELOG](https://github.com/chef/knife-windows/blob/1.1.0/CHANGELOG.md)
|
77
29
|
for the list of issues fixed in this release.
|
78
30
|
|
79
31
|
## knife-windows on RubyGems and Github
|
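Review bot: The "New features" section lists only proxy support, but the changelog for this release also lists issue 295 (bootstrap `policy_group`, `policy_name`) and the bootstrap options hunk adds `--policy-name` and `--policy-group`. Mention those options here as well. Minor: the intro refers to `pull/302` as an "issue", and the new top-level heading ends with a stray colon.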
@@ -179,6 +179,16 @@ class Chef
|
|
179
179
|
Chef::Config[:knife][:bootstrap_vault_item]
|
180
180
|
}
|
181
181
|
|
182
|
+
option :policy_name,
|
183
|
+
:long => "--policy-name POLICY_NAME",
|
184
|
+
:description => "Policyfile name to use (--policy-group must also be given)",
|
185
|
+
:default => nil
|
186
|
+
|
187
|
+
option :policy_group,
|
188
|
+
:long => "--policy-group POLICY_GROUP",
|
189
|
+
:description => "Policy group name to use (--policy-name must also be given)",
|
190
|
+
:default => nil
|
191
|
+
|
182
192
|
option :tags,
|
183
193
|
:long => "--tags TAGS",
|
184
194
|
:description => "Comma separated list of tags to apply to the node",
|
@@ -264,6 +274,9 @@ class Chef
|
|
264
274
|
|
265
275
|
validate_name_args!
|
266
276
|
|
277
|
+
# adding respond_to? so this works with pre 12.4 chef clients
|
278
|
+
validate_options! if respond_to?(:validate_options!)
|
279
|
+
|
267
280
|
@node_name = Array(@name_args).first
|
268
281
|
# back compat--templates may use this setting:
|
269
282
|
config[:server_name] = @node_name
|
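Review bot: The `respond_to?(:validate_options!)` guard added after `validate_name_args!` skips validation silently on the older clients the comment mentions, so the pairing promised by the new option descriptions ("--policy-group must also be given") is not enforced there. When `validate_options!` is unavailable, either check the `policy_name`/`policy_group` pair locally or emit a warning that these options are not validated on that client version.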
@@ -140,8 +140,9 @@ CONFIG
|
|
140
140
|
end
|
141
141
|
|
142
142
|
def start_chef
|
143
|
+
bootstrap_environment_option = bootstrap_environment.nil? ? '' : " -E #{bootstrap_environment}"
|
143
144
|
start_chef = "SET \"PATH=%PATH%;C:\\ruby\\bin;C:\\opscode\\chef\\bin;C:\\opscode\\chef\\embedded\\bin\"\n"
|
144
|
-
start_chef << "chef-client -c c:/chef/client.rb -j c:/chef/first-boot.json
|
145
|
+
start_chef << "chef-client -c c:/chef/client.rb -j c:/chef/first-boot.json#{bootstrap_environment_option}\n"
|
145
146
|
end
|
146
147
|
|
147
148
|
def latest_current_windows_chef_version_query
|
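Review bot: In `start_chef`, `bootstrap_environment` is interpolated unquoted into the rendered batch line (`" -E #{bootstrap_environment}"`), so a value containing a space or a cmd.exe metacharacter changes the `chef-client` command that runs on the node. Quote the value, or validate it against the characters allowed in an environment name, before building `bootstrap_environment_option`.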
@@ -34,7 +34,7 @@ class Chef
|
|
34
34
|
include Chef::Knife::WinrmSharedOptions
|
35
35
|
include Chef::Knife::KnifeWindowsBase
|
36
36
|
|
37
|
-
def
|
37
|
+
def validate_winrm_options!
|
38
38
|
winrm_auth_protocol = locate_config_value(:winrm_authentication_protocol)
|
39
39
|
|
40
40
|
if ! Chef::Knife::WinrmBase::WINRM_AUTH_PROTOCOL_LIST.include?(winrm_auth_protocol)
|
@@ -60,7 +60,7 @@ class Chef
|
|
60
60
|
#Overrides Chef::Knife#configure_session, as that code is tied to the SSH implementation
|
61
61
|
#Tracked by Issue # 3042 / https://github.com/chef/chef/issues/3042
|
62
62
|
def configure_session
|
63
|
-
|
63
|
+
validate_winrm_options!
|
64
64
|
resolve_session_options
|
65
65
|
resolve_target_nodes
|
66
66
|
session_from_list
|
@@ -16,6 +16,7 @@
|
|
16
16
|
# limitations under the License.
|
17
17
|
#
|
18
18
|
|
19
|
+
require 'chef/application'
|
19
20
|
require 'winrm'
|
20
21
|
|
21
22
|
class Chef
|
@@ -24,6 +25,7 @@ class Chef
|
|
24
25
|
attr_reader :host, :endpoint, :port, :output, :error, :exit_code
|
25
26
|
|
26
27
|
def initialize(options)
|
28
|
+
Chef::Application.new.configure_proxy_environment_variables
|
27
29
|
@host = options[:host]
|
28
30
|
@port = options[:port]
|
29
31
|
url = "#{options[:host]}:#{options[:port]}/wsman"
|
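Review bot: Calling `Chef::Application.new.configure_proxy_environment_variables` inside `initialize` constructs a new `Chef::Application` and reapplies process-wide proxy environment variables for every session object. That affects every HTTP client in the process, not only WinRM. Do this once before sessions are created (for example from `configure_session`) and add a comment explaining why an application object is instantiated just for this side effect.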
@@ -17,11 +17,9 @@
|
|
17
17
|
#
|
18
18
|
|
19
19
|
require 'httpclient'
|
20
|
-
require 'nokogiri'
|
21
20
|
require 'chef/knife'
|
22
21
|
require 'chef/knife/winrm_knife_base'
|
23
22
|
require 'chef/knife/wsman_endpoint'
|
24
|
-
require 'pry'
|
25
23
|
|
26
24
|
class Chef
|
27
25
|
class Knife
|
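Review bot: dropping `require 'pry'` from the top-level requires is right, but nothing in this diff stops a debugger require from shipping in `lib/` again. Add a lint rule or a small spec that fails when `require 'pry'` or `binding.pry` appears under `lib/`, so the check does not depend on someone noticing it in review.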
@@ -66,6 +64,7 @@ class Chef
|
|
66
64
|
if response.nil? || output_object.response_status_code != 200
|
67
65
|
error_message = "No valid WSMan endoint listening at #{item.endpoint}."
|
68
66
|
else
|
67
|
+
require 'nokogiri'
|
69
68
|
doc = Nokogiri::XML response.body
|
70
69
|
namespace = 'http://schemas.dmtf.org/wbem/wsman/identity/1/wsmanidentity.xsd'
|
71
70
|
output_object.protocol_version = doc.xpath('//wsmid:ProtocolVersion', 'wsmid' => namespace).text
|
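Review bot: `require 'nokogiri'` now sits inside the `else` branch, so a missing or broken nokogiri surfaces as a `LoadError` only after an endpoint has already answered with status 200, partway through the run. Require it at the start of the method (still lazy relative to file load) or rescue `LoadError` with a clear message; since `Nokogiri::XML response.body` parses a body returned by the remote endpoint, pass explicit parse options rather than relying on defaults. The unchanged context line also carries a typo, "endoint", in the error message.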
@@ -0,0 +1,217 @@
|
|
1
|
+
@rem
|
2
|
+
@rem Author:: Seth Chisamore (<schisamo@opscode.com>)
|
3
|
+
@rem Copyright:: Copyright (c) 2011 Opscode, Inc.
|
4
|
+
@rem License:: Apache License, Version 2.0
|
5
|
+
@rem
|
6
|
+
@rem Licensed under the Apache License, Version 2.0 (the "License");
|
7
|
+
@rem you may not use this file except in compliance with the License.
|
8
|
+
@rem You may obtain a copy of the License at
|
9
|
+
@rem
|
10
|
+
@rem http://www.apache.org/licenses/LICENSE-2.0
|
11
|
+
@rem
|
12
|
+
@rem Unless required by applicable law or agreed to in writing, software
|
13
|
+
@rem distributed under the License is distributed on an "AS IS" BASIS,
|
14
|
+
@rem WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
15
|
+
@rem See the License for the specific language governing permissions and
|
16
|
+
@rem limitations under the License.
|
17
|
+
@rem
|
18
|
+
|
19
|
+
@rem Use delayed environment expansion so that ERRORLEVEL can be evaluated with the
|
20
|
+
@rem !ERRORLEVEL! syntax which evaluates at execution of the line of script, not when
|
21
|
+
@rem the line is read. See help for the /E switch from cmd.exe /? .
|
22
|
+
@setlocal ENABLEDELAYEDEXPANSION
|
23
|
+
|
24
|
+
|
25
|
+
|
26
|
+
@set BOOTSTRAP_DIRECTORY=C:\chef
|
27
|
+
@echo Checking for existing directory "%BOOTSTRAP_DIRECTORY%"...
|
28
|
+
@if NOT EXIST %BOOTSTRAP_DIRECTORY% (
|
29
|
+
@echo Existing directory not found, creating.
|
30
|
+
@mkdir %BOOTSTRAP_DIRECTORY%
|
31
|
+
) else (
|
32
|
+
@echo Existing directory found, skipping creation.
|
33
|
+
)
|
34
|
+
|
35
|
+
> C:\chef\wget.vbs (
|
36
|
+
echo.url = WScript.Arguments.Named^("url"^)
|
37
|
+
echo.path = WScript.Arguments.Named^("path"^)
|
38
|
+
echo.proxy = null
|
39
|
+
echo.'* Vaguely attempt to handle file:// scheme urls by url unescaping and switching all
|
40
|
+
echo.'* / into . Also assume that file:/// is a local absolute path and that file://^<foo^>
|
41
|
+
echo.'* is possibly a network file path.
|
42
|
+
echo.If InStr^(url, "file://"^) = 1 Then
|
43
|
+
echo.url = Unescape^(url^)
|
44
|
+
echo.If InStr^(url, "file:///"^) = 1 Then
|
45
|
+
echo.sourcePath = Mid^(url, Len^("file:///"^) + 1^)
|
46
|
+
echo.Else
|
47
|
+
echo.sourcePath = Mid^(url, Len^("file:"^) + 1^)
|
48
|
+
echo.End If
|
49
|
+
echo.sourcePath = Replace^(sourcePath, "/", "\"^)
|
50
|
+
echo.
|
51
|
+
echo.Set objFSO = CreateObject^("Scripting.FileSystemObject"^)
|
52
|
+
echo.If objFSO.Fileexists^(path^) Then objFSO.DeleteFile path
|
53
|
+
echo.objFSO.CopyFile sourcePath, path, true
|
54
|
+
echo.Set objFSO = Nothing
|
55
|
+
echo.
|
56
|
+
echo.Else
|
57
|
+
echo.Set objXMLHTTP = CreateObject^("MSXML2.ServerXMLHTTP"^)
|
58
|
+
echo.Set wshShell = CreateObject^( "WScript.Shell" ^)
|
59
|
+
echo.Set objUserVariables = wshShell.Environment^("USER"^)
|
60
|
+
echo.
|
61
|
+
echo.rem http proxy is optional
|
62
|
+
echo.rem attempt to read from HTTP_PROXY env var first
|
63
|
+
echo.On Error Resume Next
|
64
|
+
echo.
|
65
|
+
echo.If NOT ^(objUserVariables^("HTTP_PROXY"^) = ""^) Then
|
66
|
+
echo.proxy = objUserVariables^("HTTP_PROXY"^)
|
67
|
+
echo.
|
68
|
+
echo.rem fall back to named arg
|
69
|
+
echo.ElseIf NOT ^(WScript.Arguments.Named^("proxy"^) = ""^) Then
|
70
|
+
echo.proxy = WScript.Arguments.Named^("proxy"^)
|
71
|
+
echo.End If
|
72
|
+
echo.
|
73
|
+
echo.If NOT isNull^(proxy^) Then
|
74
|
+
echo.rem setProxy method is only available on ServerXMLHTTP 6.0+
|
75
|
+
echo.Set objXMLHTTP = CreateObject^("MSXML2.ServerXMLHTTP.6.0"^)
|
76
|
+
echo.objXMLHTTP.setProxy 2, proxy
|
77
|
+
echo.End If
|
78
|
+
echo.
|
79
|
+
echo.On Error Goto 0
|
80
|
+
echo.
|
81
|
+
echo.objXMLHTTP.open "GET", url, false
|
82
|
+
echo.objXMLHTTP.send^(^)
|
83
|
+
echo.If objXMLHTTP.Status = 200 Then
|
84
|
+
echo.Set objADOStream = CreateObject^("ADODB.Stream"^)
|
85
|
+
echo.objADOStream.Open
|
86
|
+
echo.objADOStream.Type = 1
|
87
|
+
echo.objADOStream.Write objXMLHTTP.ResponseBody
|
88
|
+
echo.objADOStream.Position = 0
|
89
|
+
echo.Set objFSO = Createobject^("Scripting.FileSystemObject"^)
|
90
|
+
echo.If objFSO.Fileexists^(path^) Then objFSO.DeleteFile path
|
91
|
+
echo.Set objFSO = Nothing
|
92
|
+
echo.objADOStream.SaveToFile path
|
93
|
+
echo.objADOStream.Close
|
94
|
+
echo.Set objADOStream = Nothing
|
95
|
+
echo.End If
|
96
|
+
echo.Set objXMLHTTP = Nothing
|
97
|
+
echo.End If
|
98
|
+
|
99
|
+
)
|
100
|
+
|
101
|
+
> C:\chef\wget.ps1 (
|
102
|
+
echo.param^(
|
103
|
+
echo. [String] $remoteUrl,
|
104
|
+
echo. [String] $localPath
|
105
|
+
echo.^)
|
106
|
+
echo.
|
107
|
+
echo.$webClient = new-object System.Net.WebClient;
|
108
|
+
echo.
|
109
|
+
echo.$webClient.DownloadFile^($remoteUrl, $localPath^);
|
110
|
+
|
111
|
+
)
|
112
|
+
|
113
|
+
@rem Determine the version and the architecture
|
114
|
+
|
115
|
+
@FOR /F "usebackq tokens=1-8 delims=.[] " %%A IN (`ver`) DO (
|
116
|
+
@set WinMajor=%%D
|
117
|
+
@set WinMinor=%%E
|
118
|
+
@set WinBuild=%%F
|
119
|
+
)
|
120
|
+
|
121
|
+
@echo Detected Windows Version %WinMajor%.%WinMinor% Build %WinBuild%
|
122
|
+
|
123
|
+
@set LATEST_OS_VERSION_MAJOR=6
|
124
|
+
@set LATEST_OS_VERSION_MINOR=3
|
125
|
+
|
126
|
+
@if /i %WinMajor% GTR %LATEST_OS_VERSION_MAJOR% goto VersionUnknown
|
127
|
+
@if /i %WinMajor% EQU %LATEST_OS_VERSION_MAJOR% (
|
128
|
+
@if /i %WinMinor% GTR %LATEST_OS_VERSION_MINOR% goto VersionUnknown
|
129
|
+
)
|
130
|
+
|
131
|
+
goto Version%WinMajor%.%WinMinor%
|
132
|
+
|
133
|
+
:VersionUnknown
|
134
|
+
@rem If this is an unknown version of windows set the default
|
135
|
+
@set MACHINE_OS=2008r2
|
136
|
+
@echo Warning: Unknown version of Windows, assuming default of Windows %MACHINE_OS%
|
137
|
+
goto architecture_select
|
138
|
+
|
139
|
+
:Version6.0
|
140
|
+
@set MACHINE_OS=2008
|
141
|
+
goto architecture_select
|
142
|
+
|
143
|
+
:Version5.2
|
144
|
+
@set MACHINE_OS=2003r2
|
145
|
+
goto architecture_select
|
146
|
+
|
147
|
+
:Version6.1
|
148
|
+
@set MACHINE_OS=2008r2
|
149
|
+
goto architecture_select
|
150
|
+
|
151
|
+
:Version6.2
|
152
|
+
@set MACHINE_OS=2012
|
153
|
+
goto architecture_select
|
154
|
+
|
155
|
+
@rem Currently Windows Server 2012 R2 is treated as equivalent to Windows Server 2012
|
156
|
+
:Version6.3
|
157
|
+
goto Version6.2
|
158
|
+
|
159
|
+
:architecture_select
|
160
|
+
goto Architecture%PROCESSOR_ARCHITEW6432%
|
161
|
+
|
162
|
+
:Architecture
|
163
|
+
goto Architecture%PROCESSOR_ARCHITECTURE%
|
164
|
+
|
165
|
+
@rem If this is an unknown architecture set the default
|
166
|
+
@set MACHINE_ARCH=i686
|
167
|
+
goto install
|
168
|
+
|
169
|
+
:Architecturex86
|
170
|
+
@set MACHINE_ARCH=i686
|
171
|
+
goto install
|
172
|
+
|
173
|
+
:Architectureamd64
|
174
|
+
@set MACHINE_ARCH=x86_64
|
175
|
+
goto install
|
176
|
+
|
177
|
+
:install
|
178
|
+
@rem If user has provided the custom installation command for chef-client then execute it
|
179
|
+
chef-client -o recipe[cbk1::rec2]
|
180
|
+
|
181
|
+
@endlocal
|
182
|
+
|
183
|
+
@echo off
|
184
|
+
|
185
|
+
|
186
|
+
echo Writing validation key...
|
187
|
+
|
188
|
+
|
189
|
+
echo Validation key written.
|
190
|
+
@echo on
|
191
|
+
|
192
|
+
|
193
|
+
|
194
|
+
|
195
|
+
> C:\chef\client.rb (
|
196
|
+
echo.log_level :info
|
197
|
+
echo.log_location STDOUT
|
198
|
+
echo.
|
199
|
+
echo.chef_server_url "https://localhost:443"
|
200
|
+
echo.validation_client_name "chef-validator"
|
201
|
+
echo.
|
202
|
+
echo.file_cache_path "c:/chef/cache"
|
203
|
+
echo.file_backup_path "c:/chef/backup"
|
204
|
+
echo.cache_options ^({:path =^> "c:/chef/cache/checksums", :skip_expires =^> true}^)
|
205
|
+
echo.
|
206
|
+
echo.# Using default node name ^(fqdn^)
|
207
|
+
|
208
|
+
)
|
209
|
+
|
210
|
+
> C:\chef\first-boot.json (
|
211
|
+
echo.{"run_list":null}
|
212
|
+
)
|
213
|
+
|
214
|
+
@echo Starting chef to bootstrap the node...
|
215
|
+
SET "PATH=%PATH%;C:\ruby\bin;C:\opscode\chef\bin;C:\opscode\chef\embedded\bin"
|
216
|
+
chef-client -c c:/chef/client.rb -j c:/chef/first-boot.json
|
217
|
+
|
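Review bot: this fixture ends at line 216 with `chef-client -c c:/chef/client.rb -j c:/chef/first-boot.json` and no `-E`, so the new environment argument is pinned only for the nil case. Add a rendered fixture, or a focused unit example on `start_chef`, with `bootstrap_environment` set so the `-E` rendering is covered as well.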
@@ -0,0 +1,329 @@
|
|
1
|
+
@rem
|
2
|
+
@rem Author:: Seth Chisamore (<schisamo@opscode.com>)
|
3
|
+
@rem Copyright:: Copyright (c) 2011 Opscode, Inc.
|
4
|
+
@rem License:: Apache License, Version 2.0
|
5
|
+
@rem
|
6
|
+
@rem Licensed under the Apache License, Version 2.0 (the "License");
|
7
|
+
@rem you may not use this file except in compliance with the License.
|
8
|
+
@rem You may obtain a copy of the License at
|
9
|
+
@rem
|
10
|
+
@rem http://www.apache.org/licenses/LICENSE-2.0
|
11
|
+
@rem
|
12
|
+
@rem Unless required by applicable law or agreed to in writing, software
|
13
|
+
@rem distributed under the License is distributed on an "AS IS" BASIS,
|
14
|
+
@rem WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
15
|
+
@rem See the License for the specific language governing permissions and
|
16
|
+
@rem limitations under the License.
|
17
|
+
@rem
|
18
|
+
|
19
|
+
@rem Use delayed environment expansion so that ERRORLEVEL can be evaluated with the
|
20
|
+
@rem !ERRORLEVEL! syntax which evaluates at execution of the line of script, not when
|
21
|
+
@rem the line is read. See help for the /E switch from cmd.exe /? .
|
22
|
+
@setlocal ENABLEDELAYEDEXPANSION
|
23
|
+
|
24
|
+
|
25
|
+
|
26
|
+
@set BOOTSTRAP_DIRECTORY=C:\chef
|
27
|
+
@echo Checking for existing directory "%BOOTSTRAP_DIRECTORY%"...
|
28
|
+
@if NOT EXIST %BOOTSTRAP_DIRECTORY% (
|
29
|
+
@echo Existing directory not found, creating.
|
30
|
+
@mkdir %BOOTSTRAP_DIRECTORY%
|
31
|
+
) else (
|
32
|
+
@echo Existing directory found, skipping creation.
|
33
|
+
)
|
34
|
+
|
35
|
+
> C:\chef\wget.vbs (
|
36
|
+
echo.url = WScript.Arguments.Named^("url"^)
|
37
|
+
echo.path = WScript.Arguments.Named^("path"^)
|
38
|
+
echo.proxy = null
|
39
|
+
echo.'* Vaguely attempt to handle file:// scheme urls by url unescaping and switching all
|
40
|
+
echo.'* / into . Also assume that file:/// is a local absolute path and that file://^<foo^>
|
41
|
+
echo.'* is possibly a network file path.
|
42
|
+
echo.If InStr^(url, "file://"^) = 1 Then
|
43
|
+
echo.url = Unescape^(url^)
|
44
|
+
echo.If InStr^(url, "file:///"^) = 1 Then
|
45
|
+
echo.sourcePath = Mid^(url, Len^("file:///"^) + 1^)
|
46
|
+
echo.Else
|
47
|
+
echo.sourcePath = Mid^(url, Len^("file:"^) + 1^)
|
48
|
+
echo.End If
|
49
|
+
echo.sourcePath = Replace^(sourcePath, "/", "\"^)
|
50
|
+
echo.
|
51
|
+
echo.Set objFSO = CreateObject^("Scripting.FileSystemObject"^)
|
52
|
+
echo.If objFSO.Fileexists^(path^) Then objFSO.DeleteFile path
|
53
|
+
echo.objFSO.CopyFile sourcePath, path, true
|
54
|
+
echo.Set objFSO = Nothing
|
55
|
+
echo.
|
56
|
+
echo.Else
|
57
|
+
echo.Set objXMLHTTP = CreateObject^("MSXML2.ServerXMLHTTP"^)
|
58
|
+
echo.Set wshShell = CreateObject^( "WScript.Shell" ^)
|
59
|
+
echo.Set objUserVariables = wshShell.Environment^("USER"^)
|
60
|
+
echo.
|
61
|
+
echo.rem http proxy is optional
|
62
|
+
echo.rem attempt to read from HTTP_PROXY env var first
|
63
|
+
echo.On Error Resume Next
|
64
|
+
echo.
|
65
|
+
echo.If NOT ^(objUserVariables^("HTTP_PROXY"^) = ""^) Then
|
66
|
+
echo.proxy = objUserVariables^("HTTP_PROXY"^)
|
67
|
+
echo.
|
68
|
+
echo.rem fall back to named arg
|
69
|
+
echo.ElseIf NOT ^(WScript.Arguments.Named^("proxy"^) = ""^) Then
|
70
|
+
echo.proxy = WScript.Arguments.Named^("proxy"^)
|
71
|
+
echo.End If
|
72
|
+
echo.
|
73
|
+
echo.If NOT isNull^(proxy^) Then
|
74
|
+
echo.rem setProxy method is only available on ServerXMLHTTP 6.0+
|
75
|
+
echo.Set objXMLHTTP = CreateObject^("MSXML2.ServerXMLHTTP.6.0"^)
|
76
|
+
echo.objXMLHTTP.setProxy 2, proxy
|
77
|
+
echo.End If
|
78
|
+
echo.
|
79
|
+
echo.On Error Goto 0
|
80
|
+
echo.
|
81
|
+
echo.objXMLHTTP.open "GET", url, false
|
82
|
+
echo.objXMLHTTP.send^(^)
|
83
|
+
echo.If objXMLHTTP.Status = 200 Then
|
84
|
+
echo.Set objADOStream = CreateObject^("ADODB.Stream"^)
|
85
|
+
echo.objADOStream.Open
|
86
|
+
echo.objADOStream.Type = 1
|
87
|
+
echo.objADOStream.Write objXMLHTTP.ResponseBody
|
88
|
+
echo.objADOStream.Position = 0
|
89
|
+
echo.Set objFSO = Createobject^("Scripting.FileSystemObject"^)
|
90
|
+
echo.If objFSO.Fileexists^(path^) Then objFSO.DeleteFile path
|
91
|
+
echo.Set objFSO = Nothing
|
92
|
+
echo.objADOStream.SaveToFile path
|
93
|
+
echo.objADOStream.Close
|
94
|
+
echo.Set objADOStream = Nothing
|
95
|
+
echo.End If
|
96
|
+
echo.Set objXMLHTTP = Nothing
|
97
|
+
echo.End If
|
98
|
+
|
99
|
+
)
|
100
|
+
|
101
|
+
> C:\chef\wget.ps1 (
|
102
|
+
echo.param^(
|
103
|
+
echo. [String] $remoteUrl,
|
104
|
+
echo. [String] $localPath
|
105
|
+
echo.^)
|
106
|
+
echo.
|
107
|
+
echo.$webClient = new-object System.Net.WebClient;
|
108
|
+
echo.
|
109
|
+
echo.$webClient.DownloadFile^($remoteUrl, $localPath^);
|
110
|
+
|
111
|
+
)
|
112
|
+
|
113
|
+
@rem Determine the version and the architecture
|
114
|
+
|
115
|
+
@FOR /F "usebackq tokens=1-8 delims=.[] " %%A IN (`ver`) DO (
|
116
|
+
@set WinMajor=%%D
|
117
|
+
@set WinMinor=%%E
|
118
|
+
@set WinBuild=%%F
|
119
|
+
)
|
120
|
+
|
121
|
+
@echo Detected Windows Version %WinMajor%.%WinMinor% Build %WinBuild%
|
122
|
+
|
123
|
+
@set LATEST_OS_VERSION_MAJOR=6
|
124
|
+
@set LATEST_OS_VERSION_MINOR=3
|
125
|
+
|
126
|
+
@if /i %WinMajor% GTR %LATEST_OS_VERSION_MAJOR% goto VersionUnknown
|
127
|
+
@if /i %WinMajor% EQU %LATEST_OS_VERSION_MAJOR% (
|
128
|
+
@if /i %WinMinor% GTR %LATEST_OS_VERSION_MINOR% goto VersionUnknown
|
129
|
+
)
|
130
|
+
|
131
|
+
goto Version%WinMajor%.%WinMinor%
|
132
|
+
|
133
|
+
:VersionUnknown
|
134
|
+
@rem If this is an unknown version of windows set the default
|
135
|
+
@set MACHINE_OS=2008r2
|
136
|
+
@echo Warning: Unknown version of Windows, assuming default of Windows %MACHINE_OS%
|
137
|
+
goto architecture_select
|
138
|
+
|
139
|
+
:Version6.0
|
140
|
+
@set MACHINE_OS=2008
|
141
|
+
goto architecture_select
|
142
|
+
|
143
|
+
:Version5.2
|
144
|
+
@set MACHINE_OS=2003r2
|
145
|
+
goto architecture_select
|
146
|
+
|
147
|
+
:Version6.1
|
148
|
+
@set MACHINE_OS=2008r2
|
149
|
+
goto architecture_select
|
150
|
+
|
151
|
+
:Version6.2
|
152
|
+
@set MACHINE_OS=2012
|
153
|
+
goto architecture_select
|
154
|
+
|
155
|
+
@rem Currently Windows Server 2012 R2 is treated as equivalent to Windows Server 2012
|
156
|
+
:Version6.3
|
157
|
+
goto Version6.2
|
158
|
+
|
159
|
+
:architecture_select
|
160
|
+
goto Architecture%PROCESSOR_ARCHITEW6432%
|
161
|
+
|
162
|
+
:Architecture
|
163
|
+
goto Architecture%PROCESSOR_ARCHITECTURE%
|
164
|
+
|
165
|
+
@rem If this is an unknown architecture set the default
|
166
|
+
@set MACHINE_ARCH=i686
|
167
|
+
goto install
|
168
|
+
|
169
|
+
:Architecturex86
|
170
|
+
@set MACHINE_ARCH=i686
|
171
|
+
goto install
|
172
|
+
|
173
|
+
:Architectureamd64
|
174
|
+
@set MACHINE_ARCH=x86_64
|
175
|
+
goto install
|
176
|
+
|
177
|
+
:install
|
178
|
+
@rem If user has provided the custom installation command for chef-client then execute it
|
179
|
+
@rem Install Chef using chef-client MSI installer
|
180
|
+
|
181
|
+
@set "LOCAL_DESTINATION_MSI_PATH=%TEMP%\chef-client-latest.msi"
|
182
|
+
@set "CHEF_CLIENT_MSI_LOG_PATH=%TEMP%\chef-client-msi%RANDOM%.log"
|
183
|
+
|
184
|
+
@rem Clear any pre-existing downloads
|
185
|
+
@echo Checking for existing downloaded package at "%LOCAL_DESTINATION_MSI_PATH%"
|
186
|
+
@if EXIST "%LOCAL_DESTINATION_MSI_PATH%" (
|
187
|
+
@echo Found existing downloaded package, deleting.
|
188
|
+
@del /f /q "%LOCAL_DESTINATION_MSI_PATH%"
|
189
|
+
@if ERRORLEVEL 1 (
|
190
|
+
echo Warning: Failed to delete pre-existing package with status code !ERRORLEVEL! > "&2"
|
191
|
+
)
|
192
|
+
) else (
|
193
|
+
echo No existing downloaded packages to delete.
|
194
|
+
)
|
195
|
+
|
196
|
+
@rem If there is somehow a name collision, remove pre-existing log
|
197
|
+
@if EXIST "%CHEF_CLIENT_MSI_LOG_PATH%" del /f /q "%CHEF_CLIENT_MSI_LOG_PATH%"
|
198
|
+
|
199
|
+
@echo Attempting to download client package using PowerShell if available...
|
200
|
+
@set "REMOTE_SOURCE_MSI_URL=https://www.chef.io/chef/download?p=windows&pv=%MACHINE_OS%&m=%MACHINE_ARCH%&DownloadContext=PowerShell&v=12"
|
201
|
+
@set powershell_download=powershell.exe -ExecutionPolicy Unrestricted -NoProfile -NonInteractive -File C:\chef\wget.ps1 "%REMOTE_SOURCE_MSI_URL%" "%LOCAL_DESTINATION_MSI_PATH%"
|
202
|
+
@echo !powershell_download!
|
203
|
+
@call !powershell_download!
|
204
|
+
|
205
|
+
@set DOWNLOAD_ERROR_STATUS=!ERRORLEVEL!
|
206
|
+
|
207
|
+
@if ERRORLEVEL 1 (
|
208
|
+
@echo Failed PowerShell download with status code !DOWNLOAD_ERROR_STATUS! > "&2"
|
209
|
+
@if !DOWNLOAD_ERROR_STATUS!==0 set DOWNLOAD_ERROR_STATUS=2
|
210
|
+
) else (
|
211
|
+
@rem Sometimes the error level is not set even when the download failed,
|
212
|
+
@rem so check for the file to be sure it is there -- if it is not, we will retry
|
213
|
+
@if NOT EXIST "%LOCAL_DESTINATION_MSI_PATH%" (
|
214
|
+
echo Failed download: download completed, but downloaded file not found > "&2"
|
215
|
+
set DOWNLOAD_ERROR_STATUS=2
|
216
|
+
) else (
|
217
|
+
echo Download via PowerShell succeeded.
|
218
|
+
)
|
219
|
+
)
|
220
|
+
|
221
|
+
@if NOT %DOWNLOAD_ERROR_STATUS%==0 (
|
222
|
+
@echo Warning: Failed to download "%REMOTE_SOURCE_MSI_URL%" to "%LOCAL_DESTINATION_MSI_PATH%"
|
223
|
+
@echo Warning: Retrying download with cscript ...
|
224
|
+
|
225
|
+
@if EXIST "%LOCAL_DESTINATION_MSI_PATH%" del /f /q "%LOCAL_DESTINATION_MSI_PATH%"
|
226
|
+
|
227
|
+
@set "REMOTE_SOURCE_MSI_URL=https://www.chef.io/chef/download?p=windows&pv=%MACHINE_OS%&m=%MACHINE_ARCH%&v=12"
|
228
|
+
cscript /nologo C:\chef\wget.vbs /url:"%REMOTE_SOURCE_MSI_URL%" /path:"%LOCAL_DESTINATION_MSI_PATH%"
|
229
|
+
|
230
|
+
@if NOT ERRORLEVEL 1 (
|
231
|
+
@rem Sometimes the error level is not set even when the download failed,
|
232
|
+
@rem so check for the file to be sure it is there.
|
233
|
+
@if NOT EXIST "%LOCAL_DESTINATION_MSI_PATH%" (
|
234
|
+
echo Failed download: download completed, but downloaded file not found > "&2"
|
235
|
+
echo Exiting without bootstrapping due to download failure. > "&2"
|
236
|
+
exit /b 1
|
237
|
+
) else (
|
238
|
+
echo Download via cscript succeeded.
|
239
|
+
)
|
240
|
+
) else (
|
241
|
+
echo Failed to download "%REMOTE_SOURCE_MSI_URL%" with status code !ERRORLEVEL!. > "&2"
|
242
|
+
echo Exiting without bootstrapping due to download failure. > "&2"
|
243
|
+
exit /b 1
|
244
|
+
)
|
245
|
+
)
|
246
|
+
|
247
|
+
@echo Installing downloaded client package...
|
248
|
+
|
249
|
+
msiexec /qn /log "%CHEF_CLIENT_MSI_LOG_PATH%" /i "%LOCAL_DESTINATION_MSI_PATH%"
|
250
|
+
@set MSIERRORCODE=!ERRORLEVEL!
|
251
|
+
@if ERRORLEVEL 1 (
|
252
|
+
@echo WARNING: Failed to install Chef Client MSI package in remote context with status code !MSIERRORCODE!.
|
253
|
+
@echo WARNING: This may be due to a defect in operating system update KB2918614: http://support.microsoft.com/kb/2918614
|
254
|
+
@set OLDLOGLOCATION="%CHEF_CLIENT_MSI_LOG_PATH%-fail.log"
|
255
|
+
@move "%CHEF_CLIENT_MSI_LOG_PATH%" "!OLDLOGLOCATION!" > NUL
|
256
|
+
@echo WARNING: Saving installation log of failure at !OLDLOGLOCATION!
|
257
|
+
@echo WARNING: Retrying installation with local context...
|
258
|
+
@schtasks /create /f /sc once /st 00:00:00 /tn chefclientbootstraptask /ru SYSTEM /rl HIGHEST /tr "cmd /c msiexec /qn /log '%CHEF_CLIENT_MSI_LOG_PATH%' /i '%LOCAL_DESTINATION_MSI_PATH%' & sleep 2 & waitfor /s %computername% /si chefclientinstalldone"
|
259
|
+
|
260
|
+
@if ERRORLEVEL 1 (
|
261
|
+
@echo ERROR: Failed to create Chef Client installation scheduled task with status code !ERRORLEVEL! > "&2"
|
262
|
+
) else (
|
263
|
+
@echo Successfully created scheduled task to install Chef Client.
|
264
|
+
@schtasks /run /tn chefclientbootstraptask
|
265
|
+
@if ERRORLEVEL 1 (
|
266
|
+
@echo ERROR: Failed to execut Chef Client installation scheduled task with status code !ERRORLEVEL!. > "&2"
|
267
|
+
) else (
|
268
|
+
@echo Successfully started Chef Client installation scheduled task.
|
269
|
+
@echo Waiting for installation to complete -- this may take a few minutes...
|
270
|
+
waitfor chefclientinstalldone /t 600
|
271
|
+
if ERRORLEVEL 1 (
|
272
|
+
@echo ERROR: Timed out waiting for Chef Client package to install
|
273
|
+
) else (
|
274
|
+
@echo Finished waiting for Chef Client package to install.
|
275
|
+
)
|
276
|
+
@schtasks /delete /f /tn chefclientbootstraptask > NUL
|
277
|
+
)
|
278
|
+
)
|
279
|
+
) else (
|
280
|
+
@echo Successfully installed Chef Client package.
|
281
|
+
)
|
282
|
+
|
283
|
+
|
284
|
+
@if ERRORLEVEL 1 (
|
285
|
+
echo Chef-client package failed to install with status code !ERRORLEVEL!. > "&2"
|
286
|
+
echo See installation log for additional detail: %CHEF_CLIENT_MSI_LOG_PATH%. > "&2"
|
287
|
+
) else (
|
288
|
+
@echo Installation completed successfully
|
289
|
+
del /f /q "%CHEF_CLIENT_MSI_LOG_PATH%"
|
290
|
+
)
|
291
|
+
|
292
|
+
|
293
|
+
@endlocal
|
294
|
+
|
295
|
+
@echo off
|
296
|
+
|
297
|
+
|
298
|
+
echo Writing validation key...
|
299
|
+
|
300
|
+
|
301
|
+
echo Validation key written.
|
302
|
+
@echo on
|
303
|
+
|
304
|
+
|
305
|
+
|
306
|
+
|
307
|
+
> C:\chef\client.rb (
|
308
|
+
echo.log_level :info
|
309
|
+
echo.log_location STDOUT
|
310
|
+
echo.
|
311
|
+
echo.chef_server_url "https://localhost:443"
|
312
|
+
echo.validation_client_name "chef-validator"
|
313
|
+
echo.
|
314
|
+
echo.file_cache_path "c:/chef/cache"
|
315
|
+
echo.file_backup_path "c:/chef/backup"
|
316
|
+
echo.cache_options ^({:path =^> "c:/chef/cache/checksums", :skip_expires =^> true}^)
|
317
|
+
echo.
|
318
|
+
echo.# Using default node name ^(fqdn^)
|
319
|
+
|
320
|
+
)
|
321
|
+
|
322
|
+
> C:\chef\first-boot.json (
|
323
|
+
echo.{"run_list":null}
|
324
|
+
)
|
325
|
+
|
326
|
+
@echo Starting chef to bootstrap the node...
|
327
|
+
SET "PATH=%PATH%;C:\ruby\bin;C:\opscode\chef\bin;C:\opscode\chef\embedded\bin"
|
328
|
+
chef-client -c c:/chef/client.rb -j c:/chef/first-boot.json
|
329
|
+
|
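Review bot: between the download steps and `msiexec /qn /log ... /i "%LOCAL_DESTINATION_MSI_PATH%"` (fixture lines 199 to 249) the rendered script checks only that the file exists, never a checksum or signature, and the retry path at line 258 installs the same file from `%TEMP%` through a scheduled task running as SYSTEM. Because this asset pins the template's output, the fix belongs in the template: verify a published hash or the package's Authenticode signature before either install path runs, then regenerate the fixture. The fixture also freezes the "Failed to execut" typo at line 266.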
@@ -133,8 +133,9 @@ describe 'Knife::Windows::Core msi download functionality for knife Windows winr
|
|
133
133
|
end
|
134
134
|
|
135
135
|
allow(winrm_bootstrapper).to receive(:wait_for_remote_response)
|
136
|
+
allow(winrm_bootstrapper).to receive(:validate_options!)
|
136
137
|
winrm_bootstrapper.config[:template_file] = @template_file_path
|
137
|
-
|
138
|
+
winrm_bootstrapper.config[:run_list] = []
|
138
139
|
# Execute the commands locally that would normally be executed via WinRM
|
139
140
|
allow(winrm_bootstrapper).to receive(:run_command) do |command|
|
140
141
|
system(command)
|
@@ -147,7 +148,7 @@ describe 'Knife::Windows::Core msi download functionality for knife Windows winr
|
|
147
148
|
end
|
148
149
|
end
|
149
150
|
|
150
|
-
describe "bootstrap_install_command functionality through WinRM protocol", :if_chef_11 => true
|
151
|
+
describe "bootstrap_install_command functionality through WinRM protocol", :if_chef_11 => true do
|
151
152
|
context "bootstrap_install_command option is not specified" do
|
152
153
|
let(:bootstrap) { Chef::Knife::BootstrapWindowsWinrm.new([]) }
|
153
154
|
before do
|
@@ -155,10 +156,18 @@ describe "bootstrap_install_command functionality through WinRM protocol", :if_c
|
|
155
156
|
@template_output = sample_data('win_template_rendered_without_bootstrap_install_command.txt')
|
156
157
|
end
|
157
158
|
|
158
|
-
it "bootstrap_install_command option is not rendered in the windows-chef-client-msi.erb template as its value is nil" do
|
159
|
+
it "bootstrap_install_command option is not rendered in the windows-chef-client-msi.erb template as its value is nil", :chef_lt_12_5_only => true do
|
159
160
|
expect(bootstrap.send(:render_template,@template_input)).to eq(
|
160
161
|
@template_output)
|
161
162
|
end
|
163
|
+
|
164
|
+
context "when running chef-client 12.5.0 or greater", :chef_gte_12_5_only => true do
|
165
|
+
let(:template_12_5_output) { sample_data('win_template_rendered_without_bootstrap_install_command_on_12_5_client.txt') }
|
166
|
+
it "bootstrap_install_command option is not rendered in the windows-chef-client-msi.erb template as its value is nil" do
|
167
|
+
expect(bootstrap.send(:render_template,@template_input)).to eq(
|
168
|
+
template_12_5_output)
|
169
|
+
end
|
170
|
+
end
|
162
171
|
end
|
163
172
|
|
164
173
|
context "bootstrap_install_command option is specified" do
|
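Review bot: the examples are now split by the `:chef_lt_12_5_only` and `:chef_gte_12_5_only` metadata tags, but spec/spec_helper.rb is not among the files changed in this release diff, so it is not visible here where those filters are registered. If they are not defined as RSpec exclusion filters, both variants run on every Chef version and one of them fails against the wrong fixture; confirm the filters exist or add them with this change.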
@@ -169,11 +178,19 @@ describe "bootstrap_install_command functionality through WinRM protocol", :if_c
|
|
169
178
|
@template_output = sample_data('win_template_rendered_with_bootstrap_install_command.txt')
|
170
179
|
end
|
171
180
|
|
172
|
-
it "bootstrap_install_command option is rendered in the windows-chef-client-msi.erb template" do
|
181
|
+
it "bootstrap_install_command option is rendered in the windows-chef-client-msi.erb template", :chef_lt_12_5_only => true do
|
173
182
|
expect(bootstrap.send(:render_template,@template_input)).to eq(
|
174
183
|
@template_output)
|
175
184
|
end
|
176
185
|
|
186
|
+
context "when running chef-client 12.5.0 or greater", :chef_gte_12_5_only => true do
|
187
|
+
let(:template_12_5_output) { sample_data('win_template_rendered_with_bootstrap_install_command_on_12_5_client.txt') }
|
188
|
+
it "bootstrap_install_command option is rendered in the windows-chef-client-msi.erb template" do
|
189
|
+
expect(bootstrap.send(:render_template,@template_input)).to eq(
|
190
|
+
template_12_5_output)
|
191
|
+
end
|
192
|
+
end
|
193
|
+
|
177
194
|
after do
|
178
195
|
bootstrap.config.delete(:bootstrap_install_command)
|
179
196
|
Chef::Config[:knife].delete(:bootstrap_install_command)
|
@@ -94,8 +94,6 @@ expected: #{expected}
|
|
94
94
|
:use_sudo,
|
95
95
|
:use_sudo_password,
|
96
96
|
:encrypt, # irrelevant during bootstrap
|
97
|
-
:policy_name, # NYI, issue https://github.com/chef/knife-windows/issues/295
|
98
|
-
:policy_group, #https://github.com/chef/knife-windows/issues/295
|
99
97
|
]}
|
100
98
|
|
101
99
|
# win_ignore: Options in windows that aren't relevant to core.
|
@@ -134,8 +132,6 @@ expected: #{expected}
|
|
134
132
|
:use_sudo,
|
135
133
|
:use_sudo_password,
|
136
134
|
:encrypt, # irrelevant during bootstrap
|
137
|
-
:policy_name, # NYI, issue https://github.com/chef/knife-windows/issues/295
|
138
|
-
:policy_group, #https://github.com/chef/knife-windows/issues/295
|
139
135
|
]}
|
140
136
|
# win_ignore: Options in windows that aren't relevant to core.
|
141
137
|
let(:win_ignore) { [
|
@@ -26,6 +26,8 @@ describe Chef::Knife::BootstrapWindowsWinrm do
|
|
26
26
|
end
|
27
27
|
|
28
28
|
before do
|
29
|
+
bootstrap.config[:run_list] = []
|
30
|
+
allow(bootstrap).to receive(:validate_options!).and_return(nil)
|
29
31
|
# Kernel.stub(:sleep).and_return 10
|
30
32
|
allow(bootstrap).to receive(:sleep).and_return(10)
|
31
33
|
allow(File).to receive(:exist?).with(File.expand_path(Chef::Config[:validation_key])).and_return(true)
|
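Review bot: stubbing `validate_options!` in the top-level `before` block removes option validation from every example in this spec, so a validation failure introduced later would not be caught here. Scope the stub to the examples that need it, or add one example that runs the real `validate_options!` with `bootstrap.config[:run_list] = []`.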
@@ -173,6 +175,7 @@ describe Chef::Knife::BootstrapWindowsWinrm do
|
|
173
175
|
allow(bootstrap).to receive(:create_bootstrap_bat_command).and_raise(SystemExit)
|
174
176
|
expect(bootstrap).to receive(:wait_for_remote_response).with(2)
|
175
177
|
allow(bootstrap).to receive(:validate_name_args!).and_return(nil)
|
178
|
+
|
176
179
|
allow(bootstrap.ui).to receive(:info)
|
177
180
|
bootstrap.config[:auth_timeout] = bootstrap.options[:auth_timeout][:default]
|
178
181
|
expect { bootstrap.bootstrap }.to raise_error(SystemExit)
|
@@ -26,10 +26,15 @@ describe Chef::Knife::WinrmSession do
|
|
26
26
|
let(:options) { { transport: :plaintext } }
|
27
27
|
|
28
28
|
before do
|
29
|
+
@original_config = Chef::Config.hash_dup
|
29
30
|
allow(WinRM::WinRMWebService).to receive(:new).and_return(winrm_service)
|
30
31
|
allow(winrm_service).to receive(:set_timeout)
|
31
32
|
end
|
32
33
|
|
34
|
+
after do
|
35
|
+
Chef::Config.configuration = @original_config
|
36
|
+
end
|
37
|
+
|
33
38
|
subject { Chef::Knife::WinrmSession.new(options) }
|
34
39
|
|
35
40
|
describe "#initialize" do
|
@@ -41,6 +46,19 @@ describe Chef::Knife::WinrmSession do
|
|
41
46
|
subject
|
42
47
|
end
|
43
48
|
end
|
49
|
+
|
50
|
+
context "when a proxy is configured" do
|
51
|
+
let(:proxy_uri) { 'blah.com' }
|
52
|
+
|
53
|
+
before do
|
54
|
+
Chef::Config[:http_proxy] = proxy_uri
|
55
|
+
end
|
56
|
+
|
57
|
+
it "sets the http_proxy to the configured proxy" do
|
58
|
+
subject
|
59
|
+
expect(ENV['HTTP_PROXY']).to eq("http://#{proxy_uri}")
|
60
|
+
end
|
61
|
+
end
|
44
62
|
end
|
45
63
|
|
46
64
|
describe "#relay_command" do
|
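Review bot: the new example asserts `ENV['HTTP_PROXY']` after constructing the session, but the `after` hook added in this spec restores only `Chef::Config`, so the proxy variable set by `initialize` leaks into every later example in the run. Save and restore the proxy-related `ENV` keys in the same `before`/`after` pair, and consider a second case where the configured proxy already includes a scheme, since only the scheme-less `'blah.com'` input is covered.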
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: knife-windows
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.
|
4
|
+
version: 1.1.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Seth Chisamore
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2015-10-
|
11
|
+
date: 2015-10-13 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: winrm
|
@@ -109,7 +109,9 @@ files:
|
|
109
109
|
- lib/knife-windows/path_helper.rb
|
110
110
|
- lib/knife-windows/version.rb
|
111
111
|
- spec/assets/win_template_rendered_with_bootstrap_install_command.txt
|
112
|
+
- spec/assets/win_template_rendered_with_bootstrap_install_command_on_12_5_client.txt
|
112
113
|
- spec/assets/win_template_rendered_without_bootstrap_install_command.txt
|
114
|
+
- spec/assets/win_template_rendered_without_bootstrap_install_command_on_12_5_client.txt
|
113
115
|
- spec/assets/win_template_unrendered.txt
|
114
116
|
- spec/functional/bootstrap_download_spec.rb
|
115
117
|
- spec/spec_helper.rb
|
@@ -152,7 +154,9 @@ test_files:
|
|
152
154
|
- features/knife_help.feature
|
153
155
|
- features/support/env.rb
|
154
156
|
- spec/assets/win_template_rendered_with_bootstrap_install_command.txt
|
157
|
+
- spec/assets/win_template_rendered_with_bootstrap_install_command_on_12_5_client.txt
|
155
158
|
- spec/assets/win_template_rendered_without_bootstrap_install_command.txt
|
159
|
+
- spec/assets/win_template_rendered_without_bootstrap_install_command_on_12_5_client.txt
|
156
160
|
- spec/assets/win_template_unrendered.txt
|
157
161
|
- spec/functional/bootstrap_download_spec.rb
|
158
162
|
- spec/spec_helper.rb
|