knife-windows 1.1.0 → 1.1.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.gitignore +5 -5
- data/.travis.yml +20 -20
- data/CHANGELOG.md +87 -83
- data/DOC_CHANGES.md +20 -20
- data/Gemfile +12 -12
- data/LICENSE +201 -201
- data/README.md +396 -396
- data/RELEASE_NOTES.md +34 -34
- data/Rakefile +21 -21
- data/appveyor.yml +42 -42
- data/ci.gemfile +15 -15
- data/features/knife_help.feature +20 -20
- data/features/support/env.rb +5 -5
- data/knife-windows.gemspec +28 -28
- data/lib/chef/knife/bootstrap/windows-chef-client-msi.erb +247 -247
- data/lib/chef/knife/bootstrap_windows_base.rb +407 -401
- data/lib/chef/knife/bootstrap_windows_ssh.rb +110 -110
- data/lib/chef/knife/bootstrap_windows_winrm.rb +95 -102
- data/lib/chef/knife/core/windows_bootstrap_context.rb +362 -362
- data/lib/chef/knife/knife_windows_base.rb +33 -33
- data/lib/chef/knife/windows_cert_generate.rb +155 -155
- data/lib/chef/knife/windows_cert_install.rb +68 -68
- data/lib/chef/knife/windows_helper.rb +36 -36
- data/lib/chef/knife/windows_listener_create.rb +107 -107
- data/lib/chef/knife/winrm.rb +122 -212
- data/lib/chef/knife/winrm_base.rb +118 -118
- data/lib/chef/knife/winrm_knife_base.rb +309 -218
- data/lib/chef/knife/winrm_session.rb +82 -82
- data/lib/chef/knife/winrm_shared_options.rb +47 -47
- data/lib/chef/knife/wsman_endpoint.rb +44 -44
- data/lib/chef/knife/wsman_test.rb +95 -95
- data/lib/knife-windows/path_helper.rb +234 -234
- data/lib/knife-windows/version.rb +6 -6
- data/spec/assets/win_template_rendered_with_bootstrap_install_command.txt +217 -217
- data/spec/assets/win_template_rendered_with_bootstrap_install_command_on_12_5_client.txt +217 -217
- data/spec/assets/win_template_rendered_without_bootstrap_install_command.txt +329 -329
- data/spec/assets/win_template_rendered_without_bootstrap_install_command_on_12_5_client.txt +329 -329
- data/spec/assets/win_template_unrendered.txt +246 -246
- data/spec/functional/bootstrap_download_spec.rb +234 -233
- data/spec/spec_helper.rb +88 -88
- data/spec/unit/knife/bootstrap_options_spec.rb +148 -146
- data/spec/unit/knife/bootstrap_template_spec.rb +92 -92
- data/spec/unit/knife/bootstrap_windows_winrm_spec.rb +259 -243
- data/spec/unit/knife/core/windows_bootstrap_context_spec.rb +151 -151
- data/spec/unit/knife/windows_cert_generate_spec.rb +90 -90
- data/spec/unit/knife/windows_cert_install_spec.rb +51 -51
- data/spec/unit/knife/windows_listener_create_spec.rb +76 -76
- data/spec/unit/knife/winrm_session_spec.rb +73 -73
- data/spec/unit/knife/winrm_spec.rb +551 -504
- data/spec/unit/knife/wsman_test_spec.rb +178 -175
- metadata +3 -23
@@ -1,401 +1,407 @@
|
|
1
|
-
#
|
2
|
-
# Author:: Seth Chisamore (<schisamo@opscode.com>)
|
3
|
-
# Copyright:: Copyright (c) 2011 Opscode, Inc.
|
4
|
-
# License:: Apache License, Version 2.0
|
5
|
-
#
|
6
|
-
# Licensed under the Apache License, Version 2.0 (the "License");
|
7
|
-
# you may not use this file except in compliance with the License.
|
8
|
-
# You may obtain a copy of the License at
|
9
|
-
#
|
10
|
-
# http://www.apache.org/licenses/LICENSE-2.0
|
11
|
-
#
|
12
|
-
# Unless required by applicable law or agreed to in writing, software
|
13
|
-
# distributed under the License is distributed on an "AS IS" BASIS,
|
14
|
-
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
15
|
-
# See the License for the specific language governing permissions and
|
16
|
-
# limitations under the License.
|
17
|
-
#
|
18
|
-
|
19
|
-
require 'chef/knife'
|
20
|
-
require 'chef/knife/bootstrap'
|
21
|
-
require 'chef/encrypted_data_bag_item'
|
22
|
-
require 'chef/knife/core/windows_bootstrap_context'
|
23
|
-
require 'chef/knife/knife_windows_base'
|
24
|
-
# Chef 11 PathHelper doesn't have #home
|
25
|
-
#require 'chef/util/path_helper'
|
26
|
-
|
27
|
-
class Chef
|
28
|
-
class Knife
|
29
|
-
module BootstrapWindowsBase
|
30
|
-
|
31
|
-
include Chef::Knife::KnifeWindowsBase
|
32
|
-
|
33
|
-
# :nodoc:
|
34
|
-
# Would prefer to do this in a rational way, but can't be done b/c of
|
35
|
-
# Mixlib::CLI's design :(
|
36
|
-
def self.included(includer)
|
37
|
-
includer.class_eval do
|
38
|
-
|
39
|
-
deps do
|
40
|
-
require 'readline'
|
41
|
-
require 'chef/json_compat'
|
42
|
-
end
|
43
|
-
|
44
|
-
option :chef_node_name,
|
45
|
-
:short => "-N NAME",
|
46
|
-
:long => "--node-name NAME",
|
47
|
-
:description => "The Chef node name for your new node"
|
48
|
-
|
49
|
-
option :prerelease,
|
50
|
-
:long => "--prerelease",
|
51
|
-
:description => "Install the pre-release chef gems"
|
52
|
-
|
53
|
-
option :bootstrap_version,
|
54
|
-
:long => "--bootstrap-version VERSION",
|
55
|
-
:description => "The version of Chef to install",
|
56
|
-
:proc => Proc.new { |v| Chef::Config[:knife][:bootstrap_version] = v }
|
57
|
-
|
58
|
-
option :bootstrap_proxy,
|
59
|
-
:long => "--bootstrap-proxy PROXY_URL",
|
60
|
-
:description => "The proxy server for the node being bootstrapped",
|
61
|
-
:proc => Proc.new { |p| Chef::Config[:knife][:bootstrap_proxy] = p }
|
62
|
-
|
63
|
-
option :bootstrap_no_proxy,
|
64
|
-
:long => "--bootstrap-no-proxy [NO_PROXY_URL|NO_PROXY_IP]",
|
65
|
-
:description => "Do not proxy locations for the node being bootstrapped; this option is used internally by Opscode",
|
66
|
-
:proc => Proc.new { |np| Chef::Config[:knife][:bootstrap_no_proxy] = np }
|
67
|
-
|
68
|
-
option :bootstrap_install_command,
|
69
|
-
:long => "--bootstrap-install-command COMMANDS",
|
70
|
-
:description => "Custom command to install chef-client",
|
71
|
-
:proc => Proc.new { |ic| Chef::Config[:knife][:bootstrap_install_command] = ic }
|
72
|
-
|
73
|
-
# DEPR: Remove this option in Chef 13
|
74
|
-
option :distro,
|
75
|
-
:short => "-d DISTRO",
|
76
|
-
:long => "--distro DISTRO",
|
77
|
-
:description => "Bootstrap a distro using a template. [DEPRECATED] Use -t / --bootstrap-template option instead.",
|
78
|
-
:proc => Proc.new { |v|
|
79
|
-
Chef::Log.warn("[DEPRECATED] -d / --distro option is deprecated. Use --bootstrap-template option instead.")
|
80
|
-
v
|
81
|
-
}
|
82
|
-
|
83
|
-
option :bootstrap_template,
|
84
|
-
:short => "-t TEMPLATE",
|
85
|
-
:long => "--bootstrap-template TEMPLATE",
|
86
|
-
:description => "Bootstrap Chef using a built-in or custom template. Set to the full path of an erb template or use one of the built-in templates."
|
87
|
-
|
88
|
-
# DEPR: Remove this option in Chef 13
|
89
|
-
option :template_file,
|
90
|
-
:long => "--template-file TEMPLATE",
|
91
|
-
:description => "Full path to location of template to use. [DEPRECATED] Use -t / --bootstrap-template option instead.",
|
92
|
-
:proc => Proc.new { |v|
|
93
|
-
Chef::Log.warn("[DEPRECATED] --template-file option is deprecated. Use --bootstrap-template option instead.")
|
94
|
-
v
|
95
|
-
}
|
96
|
-
|
97
|
-
option :run_list,
|
98
|
-
:short => "-r RUN_LIST",
|
99
|
-
:long => "--run-list RUN_LIST",
|
100
|
-
:description => "Comma separated list of roles/recipes to apply",
|
101
|
-
:proc => lambda { |o| o.split(",") },
|
102
|
-
:default => []
|
103
|
-
|
104
|
-
option :hint,
|
105
|
-
:long => "--hint HINT_NAME[=HINT_FILE]",
|
106
|
-
:description => "Specify Ohai Hint to be set on the bootstrap target. Use multiple --hint options to specify multiple hints.",
|
107
|
-
:proc => Proc.new { |h|
|
108
|
-
Chef::Config[:knife][:hints] ||= Hash.new
|
109
|
-
name, path = h.split("=")
|
110
|
-
Chef::Config[:knife][:hints][name] = path ? Chef::JSONCompat.parse(::File.read(path)) : Hash.new
|
111
|
-
}
|
112
|
-
|
113
|
-
option :first_boot_attributes,
|
114
|
-
:short => "-j JSON_ATTRIBS",
|
115
|
-
:long => "--json-attributes",
|
116
|
-
:description => "A JSON string to be added to the first run of chef-client",
|
117
|
-
:proc => lambda { |o| JSON.parse(o) },
|
118
|
-
:default =>
|
119
|
-
|
120
|
-
|
121
|
-
|
122
|
-
:
|
123
|
-
:
|
124
|
-
:
|
125
|
-
|
126
|
-
|
127
|
-
|
128
|
-
|
129
|
-
:long
|
130
|
-
:description => "
|
131
|
-
|
132
|
-
|
133
|
-
|
134
|
-
|
135
|
-
:
|
136
|
-
|
137
|
-
|
138
|
-
|
139
|
-
:
|
140
|
-
:
|
141
|
-
|
142
|
-
|
143
|
-
|
144
|
-
|
145
|
-
|
146
|
-
|
147
|
-
|
148
|
-
|
149
|
-
|
150
|
-
|
151
|
-
|
152
|
-
|
153
|
-
|
154
|
-
:long
|
155
|
-
:description => "
|
156
|
-
:
|
157
|
-
|
158
|
-
option :
|
159
|
-
:
|
160
|
-
:
|
161
|
-
:
|
162
|
-
|
163
|
-
|
164
|
-
:
|
165
|
-
|
166
|
-
|
167
|
-
|
168
|
-
|
169
|
-
|
170
|
-
|
171
|
-
|
172
|
-
|
173
|
-
|
174
|
-
:
|
175
|
-
|
176
|
-
|
177
|
-
|
178
|
-
|
179
|
-
|
180
|
-
|
181
|
-
|
182
|
-
|
183
|
-
|
184
|
-
|
185
|
-
|
186
|
-
|
187
|
-
|
188
|
-
|
189
|
-
:
|
190
|
-
:
|
191
|
-
|
192
|
-
|
193
|
-
|
194
|
-
:
|
195
|
-
:
|
196
|
-
:default
|
197
|
-
|
198
|
-
|
199
|
-
|
200
|
-
|
201
|
-
|
202
|
-
|
203
|
-
|
204
|
-
|
205
|
-
|
206
|
-
|
207
|
-
|
208
|
-
|
209
|
-
|
210
|
-
|
211
|
-
|
212
|
-
|
213
|
-
#
|
214
|
-
|
215
|
-
|
216
|
-
|
217
|
-
|
218
|
-
|
219
|
-
|
220
|
-
|
221
|
-
|
222
|
-
|
223
|
-
#
|
224
|
-
|
225
|
-
|
226
|
-
|
227
|
-
|
228
|
-
|
229
|
-
|
230
|
-
|
231
|
-
|
232
|
-
|
233
|
-
|
234
|
-
|
235
|
-
|
236
|
-
|
237
|
-
|
238
|
-
|
239
|
-
|
240
|
-
|
241
|
-
|
242
|
-
|
243
|
-
|
244
|
-
|
245
|
-
|
246
|
-
|
247
|
-
|
248
|
-
|
249
|
-
|
250
|
-
|
251
|
-
|
252
|
-
|
253
|
-
|
254
|
-
|
255
|
-
|
256
|
-
|
257
|
-
|
258
|
-
|
259
|
-
cli_secret_file =
|
260
|
-
|
261
|
-
|
262
|
-
cli_secret_file
|
263
|
-
|
264
|
-
|
265
|
-
|
266
|
-
|
267
|
-
|
268
|
-
|
269
|
-
|
270
|
-
|
271
|
-
|
272
|
-
|
273
|
-
|
274
|
-
|
275
|
-
|
276
|
-
|
277
|
-
|
278
|
-
|
279
|
-
|
280
|
-
|
281
|
-
|
282
|
-
|
283
|
-
|
284
|
-
|
285
|
-
|
286
|
-
|
287
|
-
|
288
|
-
|
289
|
-
|
290
|
-
|
291
|
-
|
292
|
-
|
293
|
-
|
294
|
-
|
295
|
-
|
296
|
-
|
297
|
-
|
298
|
-
|
299
|
-
|
300
|
-
|
301
|
-
|
302
|
-
|
303
|
-
|
304
|
-
|
305
|
-
|
306
|
-
|
307
|
-
|
308
|
-
|
309
|
-
|
310
|
-
|
311
|
-
|
312
|
-
|
313
|
-
|
314
|
-
|
315
|
-
|
316
|
-
|
317
|
-
|
318
|
-
|
319
|
-
|
320
|
-
|
321
|
-
|
322
|
-
|
323
|
-
|
324
|
-
|
325
|
-
|
326
|
-
|
327
|
-
|
328
|
-
|
329
|
-
|
330
|
-
|
331
|
-
|
332
|
-
end
|
333
|
-
|
334
|
-
|
335
|
-
|
336
|
-
|
337
|
-
|
338
|
-
|
339
|
-
|
340
|
-
|
341
|
-
|
342
|
-
|
343
|
-
|
344
|
-
|
345
|
-
|
346
|
-
|
347
|
-
|
348
|
-
|
349
|
-
|
350
|
-
|
351
|
-
|
352
|
-
|
353
|
-
|
354
|
-
|
355
|
-
|
356
|
-
|
357
|
-
|
358
|
-
|
359
|
-
#
|
360
|
-
#
|
361
|
-
# TODO:
|
362
|
-
|
363
|
-
|
364
|
-
|
365
|
-
|
366
|
-
|
367
|
-
|
368
|
-
|
369
|
-
|
370
|
-
|
371
|
-
#
|
372
|
-
|
373
|
-
|
374
|
-
|
375
|
-
|
376
|
-
|
377
|
-
|
378
|
-
|
379
|
-
|
380
|
-
|
381
|
-
|
382
|
-
|
383
|
-
|
384
|
-
|
385
|
-
|
386
|
-
|
387
|
-
|
388
|
-
|
389
|
-
|
390
|
-
|
391
|
-
|
392
|
-
|
393
|
-
|
394
|
-
|
395
|
-
|
396
|
-
|
397
|
-
|
398
|
-
|
399
|
-
|
400
|
-
|
401
|
-
|
1
|
+
#
|
2
|
+
# Author:: Seth Chisamore (<schisamo@opscode.com>)
|
3
|
+
# Copyright:: Copyright (c) 2011 Opscode, Inc.
|
4
|
+
# License:: Apache License, Version 2.0
|
5
|
+
#
|
6
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
7
|
+
# you may not use this file except in compliance with the License.
|
8
|
+
# You may obtain a copy of the License at
|
9
|
+
#
|
10
|
+
# http://www.apache.org/licenses/LICENSE-2.0
|
11
|
+
#
|
12
|
+
# Unless required by applicable law or agreed to in writing, software
|
13
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
14
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
15
|
+
# See the License for the specific language governing permissions and
|
16
|
+
# limitations under the License.
|
17
|
+
#
|
18
|
+
|
19
|
+
require 'chef/knife'
|
20
|
+
require 'chef/knife/bootstrap'
|
21
|
+
require 'chef/encrypted_data_bag_item'
|
22
|
+
require 'chef/knife/core/windows_bootstrap_context'
|
23
|
+
require 'chef/knife/knife_windows_base'
|
24
|
+
# Chef 11 PathHelper doesn't have #home
|
25
|
+
#require 'chef/util/path_helper'
|
26
|
+
|
27
|
+
class Chef
|
28
|
+
class Knife
|
29
|
+
module BootstrapWindowsBase
|
30
|
+
|
31
|
+
include Chef::Knife::KnifeWindowsBase
|
32
|
+
|
33
|
+
# :nodoc:
|
34
|
+
# Would prefer to do this in a rational way, but can't be done b/c of
|
35
|
+
# Mixlib::CLI's design :(
|
36
|
+
def self.included(includer)
|
37
|
+
includer.class_eval do
|
38
|
+
|
39
|
+
deps do
|
40
|
+
require 'readline'
|
41
|
+
require 'chef/json_compat'
|
42
|
+
end
|
43
|
+
|
44
|
+
option :chef_node_name,
|
45
|
+
:short => "-N NAME",
|
46
|
+
:long => "--node-name NAME",
|
47
|
+
:description => "The Chef node name for your new node"
|
48
|
+
|
49
|
+
option :prerelease,
|
50
|
+
:long => "--prerelease",
|
51
|
+
:description => "Install the pre-release chef gems"
|
52
|
+
|
53
|
+
option :bootstrap_version,
|
54
|
+
:long => "--bootstrap-version VERSION",
|
55
|
+
:description => "The version of Chef to install",
|
56
|
+
:proc => Proc.new { |v| Chef::Config[:knife][:bootstrap_version] = v }
|
57
|
+
|
58
|
+
option :bootstrap_proxy,
|
59
|
+
:long => "--bootstrap-proxy PROXY_URL",
|
60
|
+
:description => "The proxy server for the node being bootstrapped",
|
61
|
+
:proc => Proc.new { |p| Chef::Config[:knife][:bootstrap_proxy] = p }
|
62
|
+
|
63
|
+
option :bootstrap_no_proxy,
|
64
|
+
:long => "--bootstrap-no-proxy [NO_PROXY_URL|NO_PROXY_IP]",
|
65
|
+
:description => "Do not proxy locations for the node being bootstrapped; this option is used internally by Opscode",
|
66
|
+
:proc => Proc.new { |np| Chef::Config[:knife][:bootstrap_no_proxy] = np }
|
67
|
+
|
68
|
+
option :bootstrap_install_command,
|
69
|
+
:long => "--bootstrap-install-command COMMANDS",
|
70
|
+
:description => "Custom command to install chef-client",
|
71
|
+
:proc => Proc.new { |ic| Chef::Config[:knife][:bootstrap_install_command] = ic }
|
72
|
+
|
73
|
+
# DEPR: Remove this option in Chef 13
|
74
|
+
option :distro,
|
75
|
+
:short => "-d DISTRO",
|
76
|
+
:long => "--distro DISTRO",
|
77
|
+
:description => "Bootstrap a distro using a template. [DEPRECATED] Use -t / --bootstrap-template option instead.",
|
78
|
+
:proc => Proc.new { |v|
|
79
|
+
Chef::Log.warn("[DEPRECATED] -d / --distro option is deprecated. Use --bootstrap-template option instead.")
|
80
|
+
v
|
81
|
+
}
|
82
|
+
|
83
|
+
option :bootstrap_template,
|
84
|
+
:short => "-t TEMPLATE",
|
85
|
+
:long => "--bootstrap-template TEMPLATE",
|
86
|
+
:description => "Bootstrap Chef using a built-in or custom template. Set to the full path of an erb template or use one of the built-in templates."
|
87
|
+
|
88
|
+
# DEPR: Remove this option in Chef 13
|
89
|
+
option :template_file,
|
90
|
+
:long => "--template-file TEMPLATE",
|
91
|
+
:description => "Full path to location of template to use. [DEPRECATED] Use -t / --bootstrap-template option instead.",
|
92
|
+
:proc => Proc.new { |v|
|
93
|
+
Chef::Log.warn("[DEPRECATED] --template-file option is deprecated. Use --bootstrap-template option instead.")
|
94
|
+
v
|
95
|
+
}
|
96
|
+
|
97
|
+
option :run_list,
|
98
|
+
:short => "-r RUN_LIST",
|
99
|
+
:long => "--run-list RUN_LIST",
|
100
|
+
:description => "Comma separated list of roles/recipes to apply",
|
101
|
+
:proc => lambda { |o| o.split(",") },
|
102
|
+
:default => []
|
103
|
+
|
104
|
+
option :hint,
|
105
|
+
:long => "--hint HINT_NAME[=HINT_FILE]",
|
106
|
+
:description => "Specify Ohai Hint to be set on the bootstrap target. Use multiple --hint options to specify multiple hints.",
|
107
|
+
:proc => Proc.new { |h|
|
108
|
+
Chef::Config[:knife][:hints] ||= Hash.new
|
109
|
+
name, path = h.split("=")
|
110
|
+
Chef::Config[:knife][:hints][name] = path ? Chef::JSONCompat.parse(::File.read(path)) : Hash.new
|
111
|
+
}
|
112
|
+
|
113
|
+
option :first_boot_attributes,
|
114
|
+
:short => "-j JSON_ATTRIBS",
|
115
|
+
:long => "--json-attributes",
|
116
|
+
:description => "A JSON string to be added to the first run of chef-client",
|
117
|
+
:proc => lambda { |o| JSON.parse(o) },
|
118
|
+
:default => nil
|
119
|
+
|
120
|
+
option :first_boot_attributes_from_file,
|
121
|
+
:long => "--json-attribute-file FILE",
|
122
|
+
:description => "A JSON file to be used to the first run of chef-client",
|
123
|
+
:proc => lambda { |o| Chef::JSONCompat.parse(File.read(o)) },
|
124
|
+
:default => nil
|
125
|
+
|
126
|
+
# Mismatch between option 'encrypted_data_bag_secret' and it's long value '--secret' is by design for compatibility
|
127
|
+
option :encrypted_data_bag_secret,
|
128
|
+
:short => "-s SECRET",
|
129
|
+
:long => "--secret ",
|
130
|
+
:description => "The secret key to use to decrypt data bag item values. Will be rendered on the node at c:/chef/encrypted_data_bag_secret and set in the rendered client config.",
|
131
|
+
:default => false
|
132
|
+
|
133
|
+
# Mismatch between option 'encrypted_data_bag_secret_file' and it's long value '--secret-file' is by design for compatibility
|
134
|
+
option :encrypted_data_bag_secret_file,
|
135
|
+
:long => "--secret-file SECRET_FILE",
|
136
|
+
:description => "A file containing the secret key to use to encrypt data bag item values. Will be rendered on the node at c:/chef/encrypted_data_bag_secret and set in the rendered client config."
|
137
|
+
|
138
|
+
option :auth_timeout,
|
139
|
+
:long => "--auth-timeout MINUTES",
|
140
|
+
:description => "The maximum time in minutes to wait to for authentication over the transport to the node to succeed. The default value is 2 minutes.",
|
141
|
+
:default => 2
|
142
|
+
|
143
|
+
option :node_ssl_verify_mode,
|
144
|
+
:long => "--node-ssl-verify-mode [peer|none]",
|
145
|
+
:description => "Whether or not to verify the SSL cert for all HTTPS requests.",
|
146
|
+
:proc => Proc.new { |v|
|
147
|
+
valid_values = ["none", "peer"]
|
148
|
+
unless valid_values.include?(v)
|
149
|
+
raise "Invalid value '#{v}' for --node-ssl-verify-mode. Valid values are: #{valid_values.join(", ")}"
|
150
|
+
end
|
151
|
+
}
|
152
|
+
|
153
|
+
option :node_verify_api_cert,
|
154
|
+
:long => "--[no-]node-verify-api-cert",
|
155
|
+
:description => "Verify the SSL cert for HTTPS requests to the Chef server API.",
|
156
|
+
:boolean => true
|
157
|
+
|
158
|
+
option :msi_url,
|
159
|
+
:short => "-u URL",
|
160
|
+
:long => "--msi-url URL",
|
161
|
+
:description => "Location of the Chef Client MSI. The default templates will prefer to download from this location. The MSI will be downloaded from chef.io if not provided.",
|
162
|
+
:default => ''
|
163
|
+
|
164
|
+
option :install_as_service,
|
165
|
+
:long => "--install-as-service",
|
166
|
+
:description => "Install chef-client as a Windows service",
|
167
|
+
:default => false
|
168
|
+
|
169
|
+
option :bootstrap_vault_file,
|
170
|
+
:long => '--bootstrap-vault-file VAULT_FILE',
|
171
|
+
:description => 'A JSON file with a list of vault(s) and item(s) to be updated'
|
172
|
+
|
173
|
+
option :bootstrap_vault_json,
|
174
|
+
:long => '--bootstrap-vault-json VAULT_JSON',
|
175
|
+
:description => 'A JSON string with the vault(s) and item(s) to be updated'
|
176
|
+
|
177
|
+
option :bootstrap_vault_item,
|
178
|
+
:long => '--bootstrap-vault-item VAULT_ITEM',
|
179
|
+
:description => 'A single vault and item to update as "vault:item"',
|
180
|
+
:proc => Proc.new { |i|
|
181
|
+
(vault, item) = i.split(/:/)
|
182
|
+
Chef::Config[:knife][:bootstrap_vault_item] ||= {}
|
183
|
+
Chef::Config[:knife][:bootstrap_vault_item][vault] ||= []
|
184
|
+
Chef::Config[:knife][:bootstrap_vault_item][vault].push(item)
|
185
|
+
Chef::Config[:knife][:bootstrap_vault_item]
|
186
|
+
}
|
187
|
+
|
188
|
+
option :policy_name,
|
189
|
+
:long => "--policy-name POLICY_NAME",
|
190
|
+
:description => "Policyfile name to use (--policy-group must also be given)",
|
191
|
+
:default => nil
|
192
|
+
|
193
|
+
option :policy_group,
|
194
|
+
:long => "--policy-group POLICY_GROUP",
|
195
|
+
:description => "Policy group name to use (--policy-name must also be given)",
|
196
|
+
:default => nil
|
197
|
+
|
198
|
+
option :tags,
|
199
|
+
:long => "--tags TAGS",
|
200
|
+
:description => "Comma separated list of tags to apply to the node",
|
201
|
+
:proc => lambda { |o| o.split(/[\s,]+/) },
|
202
|
+
:default => []
|
203
|
+
end
|
204
|
+
end
|
205
|
+
|
206
|
+
def default_bootstrap_template
|
207
|
+
"windows-chef-client-msi"
|
208
|
+
end
|
209
|
+
|
210
|
+
def bootstrap_template
|
211
|
+
# The order here is important. We want to check if we have the new Chef 12 option is set first.
|
212
|
+
# Knife cloud plugins unfortunately all set a default option for the :distro so it should be at
|
213
|
+
# the end.
|
214
|
+
config[:bootstrap_template] || config[:template_file] || config[:distro] || default_bootstrap_template
|
215
|
+
end
|
216
|
+
|
217
|
+
# TODO: This should go away when CHEF-2193 is fixed
|
218
|
+
def load_template(template=nil)
|
219
|
+
# Are we bootstrapping using an already shipped template?
|
220
|
+
|
221
|
+
template = bootstrap_template
|
222
|
+
|
223
|
+
# Use the template directly if it's a path to an actual file
|
224
|
+
if File.exists?(template)
|
225
|
+
Chef::Log.debug("Using the specified bootstrap template: #{File.dirname(template)}")
|
226
|
+
return IO.read(template).chomp
|
227
|
+
end
|
228
|
+
|
229
|
+
# Otherwise search the template directories until we find the right one
|
230
|
+
bootstrap_files = []
|
231
|
+
bootstrap_files << File.join(File.dirname(__FILE__), 'bootstrap/templates', "#{template}.erb")
|
232
|
+
bootstrap_files << File.join(Knife.chef_config_dir, "bootstrap", "#{template}.erb") if Chef::Knife.chef_config_dir
|
233
|
+
::Knife::Windows::PathHelper.all_homes('.chef', 'bootstrap', "#{template}.erb") { |p| bootstrap_files << p }
|
234
|
+
bootstrap_files << Gem.find_files(File.join("chef","knife","bootstrap","#{template}.erb"))
|
235
|
+
bootstrap_files.flatten!
|
236
|
+
|
237
|
+
template = Array(bootstrap_files).find do |bootstrap_template|
|
238
|
+
Chef::Log.debug("Looking for bootstrap template in #{File.dirname(bootstrap_template)}")
|
239
|
+
::File.exists?(bootstrap_template)
|
240
|
+
end
|
241
|
+
|
242
|
+
unless template
|
243
|
+
ui.info("Can not find bootstrap definition for #{config[:distro]}")
|
244
|
+
raise Errno::ENOENT
|
245
|
+
end
|
246
|
+
|
247
|
+
Chef::Log.debug("Found bootstrap template in #{File.dirname(template)}")
|
248
|
+
|
249
|
+
IO.read(template).chomp
|
250
|
+
end
|
251
|
+
|
252
|
+
def bootstrap_context
|
253
|
+
@bootstrap_context ||= Knife::Core::WindowsBootstrapContext.new(config, config[:run_list], Chef::Config)
|
254
|
+
end
|
255
|
+
|
256
|
+
def load_correct_secret
|
257
|
+
knife_secret_file = Chef::Config[:knife][:encrypted_data_bag_secret_file]
|
258
|
+
knife_secret = Chef::Config[:knife][:encrypted_data_bag_secret]
|
259
|
+
cli_secret_file = config[:encrypted_data_bag_secret_file]
|
260
|
+
cli_secret = config[:encrypted_data_bag_secret]
|
261
|
+
|
262
|
+
cli_secret_file = nil if cli_secret_file == knife_secret_file
|
263
|
+
cli_secret = nil if cli_secret == knife_secret
|
264
|
+
|
265
|
+
cli_secret_file = Chef::EncryptedDataBagItem.load_secret(cli_secret_file) if cli_secret_file != nil
|
266
|
+
knife_secret_file = Chef::EncryptedDataBagItem.load_secret(knife_secret_file) if knife_secret_file != nil
|
267
|
+
|
268
|
+
cli_secret_file || cli_secret || knife_secret_file || knife_secret
|
269
|
+
end
|
270
|
+
|
271
|
+
def render_template(template=nil)
|
272
|
+
config[:secret] = load_correct_secret
|
273
|
+
Erubis::Eruby.new(template).evaluate(bootstrap_context)
|
274
|
+
end
|
275
|
+
|
276
|
+
def bootstrap(proto=nil)
|
277
|
+
if Chef::Config[:knife][:encrypted_data_bag_secret_file] || Chef::Config[:knife][:encrypted_data_bag_secret]
|
278
|
+
warn_chef_config_secret_key
|
279
|
+
end
|
280
|
+
|
281
|
+
validate_name_args!
|
282
|
+
|
283
|
+
# adding respond_to? so this works with pre 12.4 chef clients
|
284
|
+
validate_options! if respond_to?(:validate_options!)
|
285
|
+
|
286
|
+
@node_name = Array(@name_args).first
|
287
|
+
# back compat--templates may use this setting:
|
288
|
+
config[:server_name] = @node_name
|
289
|
+
|
290
|
+
STDOUT.sync = STDERR.sync = true
|
291
|
+
|
292
|
+
if (Chef::Config[:validation_key] && !File.exist?(File.expand_path(Chef::Config[:validation_key])))
|
293
|
+
if Chef::VERSION.split('.').first.to_i == 11
|
294
|
+
ui.error("Unable to find validation key. Please verify your configuration file for validation_key config value.")
|
295
|
+
exit 1
|
296
|
+
end
|
297
|
+
|
298
|
+
unless locate_config_value(:chef_node_name)
|
299
|
+
ui.error("You must pass a node name with -N when bootstrapping with user credentials")
|
300
|
+
exit 1
|
301
|
+
end
|
302
|
+
|
303
|
+
chef_vault_handler.run(node_name: config[:chef_node_name]) if chef_vault_handler.doing_chef_vault?
|
304
|
+
|
305
|
+
client_builder.run
|
306
|
+
bootstrap_context.client_pem = client_builder.client_path
|
307
|
+
else
|
308
|
+
ui.info("Doing old-style registration with the validation key at #{Chef::Config[:validation_key]}...")
|
309
|
+
ui.info("Delete your validation key in order to use your user credentials instead")
|
310
|
+
ui.info("")
|
311
|
+
end
|
312
|
+
|
313
|
+
wait_for_remote_response( config[:auth_timeout].to_i )
|
314
|
+
ui.info("Bootstrapping Chef on #{ui.color(@node_name, :bold)}")
|
315
|
+
# create a bootstrap.bat file on the node
|
316
|
+
# we have to run the remote commands in 2047 char chunks
|
317
|
+
create_bootstrap_bat_command do |command_chunk|
|
318
|
+
begin
|
319
|
+
render_command_result = run_command(command_chunk)
|
320
|
+
ui.error("Batch render command returned #{render_command_result}") if render_command_result != 0
|
321
|
+
render_command_result
|
322
|
+
rescue SystemExit => e
|
323
|
+
raise unless e.success?
|
324
|
+
end
|
325
|
+
end
|
326
|
+
|
327
|
+
# execute the bootstrap.bat file
|
328
|
+
bootstrap_command_result = run_command(bootstrap_command)
|
329
|
+
ui.error("Bootstrap command returned #{bootstrap_command_result}") if bootstrap_command_result != 0
|
330
|
+
|
331
|
+
bootstrap_command_result
|
332
|
+
end
|
333
|
+
|
334
|
+
protected
|
335
|
+
|
336
|
+
# Default implementation -- override only if required by the transport
|
337
|
+
def wait_for_remote_response(wait_max_minutes)
|
338
|
+
end
|
339
|
+
|
340
|
+
def bootstrap_command
|
341
|
+
@bootstrap_command ||= "cmd.exe /C #{bootstrap_bat_file}"
|
342
|
+
end
|
343
|
+
|
344
|
+
def bootstrap_render_banner_command(chunk_num)
|
345
|
+
"cmd.exe /C echo Rendering #{bootstrap_bat_file} chunk #{chunk_num}"
|
346
|
+
end
|
347
|
+
|
348
|
+
def escape_windows_batch_characters(line)
|
349
|
+
# TODO: The commands are going to get redirected - do we need to escape &?
|
350
|
+
line.gsub!(/[(<|>)^]/).each{|m| "^#{m}"}
|
351
|
+
end
|
352
|
+
|
353
|
+
def create_bootstrap_bat_command()
|
354
|
+
chunk_num = 0
|
355
|
+
bootstrap_bat = ""
|
356
|
+
banner = bootstrap_render_banner_command(chunk_num += 1)
|
357
|
+
render_template(load_template(config[:bootstrap_template])).each_line do |line|
|
358
|
+
escape_windows_batch_characters(line)
|
359
|
+
# We are guaranteed to have a prefix "banner" command that echo's chunk number. We can
|
360
|
+
# confidently prefix every actual command with &&.
|
361
|
+
# TODO: Why does ^\n&& work directly through the commandline but not through SOAP?
|
362
|
+
render_line = " && >> #{bootstrap_bat_file} (echo.#{line.chomp.strip})"
|
363
|
+
# Windows commands are limited to 8191 characters for machines running XP or higher but
|
364
|
+
# this includes the length of environment variables after they have been expanded.
|
365
|
+
# Since we don't actually know how long %TEMP% (and it's used twice - once in the banner
|
366
|
+
# and once in every command redirection), we simply guess and set the max to 5000.
|
367
|
+
# TODO: When a more accurate method is available, fix this.
|
368
|
+
if bootstrap_bat.length + render_line.length + banner.length > 5000
|
369
|
+
# Can't fit it into this chunk? - flush (if necessary) and then try.
|
370
|
+
# Do this first because banner.length might change (e.g. due to an extra digit) and
|
371
|
+
# prevent a fit.
|
372
|
+
unless bootstrap_bat.empty?
|
373
|
+
yield banner + bootstrap_bat
|
374
|
+
bootstrap_bat = ""
|
375
|
+
banner = bootstrap_render_banner_command(chunk_num += 1)
|
376
|
+
end
|
377
|
+
# Will this ever fit?
|
378
|
+
if render_line.length + banner.length > 5000
|
379
|
+
raise "Command in bootstrap template too long by #{render_line.length + banner.length - 5000} characters : #{line}"
|
380
|
+
end
|
381
|
+
end
|
382
|
+
bootstrap_bat << render_line
|
383
|
+
end
|
384
|
+
raise "Bootstrap template was empty! Check #{config[:bootstrap_template]}" if bootstrap_bat.empty?
|
385
|
+
yield banner + bootstrap_bat
|
386
|
+
end
|
387
|
+
|
388
|
+
def bootstrap_bat_file
|
389
|
+
@bootstrap_bat_file ||= "\"%TEMP%\\bootstrap-#{Process.pid}-#{Time.now.to_i}.bat\""
|
390
|
+
end
|
391
|
+
|
392
|
+
def warn_chef_config_secret_key
|
393
|
+
ui.info "* " * 40
|
394
|
+
ui.warn(<<-WARNING)
|
395
|
+
\nSpecifying the encrypted data bag secret key using an 'encrypted_data_bag_secret'
|
396
|
+
entry in 'knife.rb' is deprecated. Please use the '--secret' or '--secret-file'
|
397
|
+
options of this command instead.
|
398
|
+
|
399
|
+
#{ui.color('IMPORTANT:', :red, :bold)} In a future version of Chef, this
|
400
|
+
behavior will be removed and any 'encrypted_data_bag_secret' entries in
|
401
|
+
'knife.rb' will be ignored completely.
|
402
|
+
WARNING
|
403
|
+
ui.info "* " * 40
|
404
|
+
end
|
405
|
+
end
|
406
|
+
end
|
407
|
+
end
|