knife-windows 1.2.0 → 1.2.1

Sign up to get free protection for your applications and to get access to all the features.
Files changed (52) hide show
  1. checksums.yaml +4 -4
  2. data/.gitignore +5 -5
  3. data/.travis.yml +23 -23
  4. data/CHANGELOG.md +104 -101
  5. data/DOC_CHANGES.md +14 -14
  6. data/Gemfile +12 -12
  7. data/LICENSE +201 -201
  8. data/README.md +376 -376
  9. data/RELEASE_NOTES.md +34 -34
  10. data/Rakefile +21 -21
  11. data/appveyor.yml +42 -42
  12. data/ci.gemfile +15 -15
  13. data/features/knife_help.feature +20 -20
  14. data/features/support/env.rb +5 -5
  15. data/knife-windows.gemspec +25 -26
  16. data/lib/chef/knife/bootstrap/windows-chef-client-msi.erb +247 -247
  17. data/lib/chef/knife/bootstrap_windows_base.rb +415 -415
  18. data/lib/chef/knife/bootstrap_windows_ssh.rb +115 -115
  19. data/lib/chef/knife/bootstrap_windows_winrm.rb +95 -95
  20. data/lib/chef/knife/core/windows_bootstrap_context.rb +366 -362
  21. data/lib/chef/knife/knife_windows_base.rb +33 -33
  22. data/lib/chef/knife/windows_cert_generate.rb +155 -155
  23. data/lib/chef/knife/windows_cert_install.rb +68 -68
  24. data/lib/chef/knife/windows_helper.rb +36 -36
  25. data/lib/chef/knife/windows_listener_create.rb +107 -107
  26. data/lib/chef/knife/winrm.rb +122 -122
  27. data/lib/chef/knife/winrm_base.rb +113 -113
  28. data/lib/chef/knife/winrm_knife_base.rb +298 -298
  29. data/lib/chef/knife/winrm_session.rb +86 -86
  30. data/lib/chef/knife/winrm_shared_options.rb +47 -47
  31. data/lib/chef/knife/wsman_endpoint.rb +44 -44
  32. data/lib/chef/knife/wsman_test.rb +117 -95
  33. data/lib/knife-windows/path_helper.rb +234 -234
  34. data/lib/knife-windows/version.rb +6 -6
  35. data/spec/assets/win_template_rendered_with_bootstrap_install_command.txt +217 -217
  36. data/spec/assets/win_template_rendered_with_bootstrap_install_command_on_12_5_client.txt +217 -217
  37. data/spec/assets/win_template_rendered_without_bootstrap_install_command.txt +329 -329
  38. data/spec/assets/win_template_rendered_without_bootstrap_install_command_on_12_5_client.txt +329 -329
  39. data/spec/assets/win_template_unrendered.txt +246 -246
  40. data/spec/functional/bootstrap_download_spec.rb +234 -234
  41. data/spec/spec_helper.rb +93 -93
  42. data/spec/unit/knife/bootstrap_options_spec.rb +154 -150
  43. data/spec/unit/knife/bootstrap_template_spec.rb +92 -92
  44. data/spec/unit/knife/bootstrap_windows_winrm_spec.rb +295 -295
  45. data/spec/unit/knife/core/windows_bootstrap_context_spec.rb +177 -151
  46. data/spec/unit/knife/windows_cert_generate_spec.rb +90 -90
  47. data/spec/unit/knife/windows_cert_install_spec.rb +51 -51
  48. data/spec/unit/knife/windows_listener_create_spec.rb +76 -76
  49. data/spec/unit/knife/winrm_session_spec.rb +64 -64
  50. data/spec/unit/knife/winrm_spec.rb +516 -516
  51. data/spec/unit/knife/wsman_test_spec.rb +201 -178
  52. metadata +2 -16
@@ -1,415 +1,415 @@
1
- #
2
- # Author:: Seth Chisamore (<schisamo@opscode.com>)
3
- # Copyright:: Copyright (c) 2011 Opscode, Inc.
4
- # License:: Apache License, Version 2.0
5
- #
6
- # Licensed under the Apache License, Version 2.0 (the "License");
7
- # you may not use this file except in compliance with the License.
8
- # You may obtain a copy of the License at
9
- #
10
- # http://www.apache.org/licenses/LICENSE-2.0
11
- #
12
- # Unless required by applicable law or agreed to in writing, software
13
- # distributed under the License is distributed on an "AS IS" BASIS,
14
- # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15
- # See the License for the specific language governing permissions and
16
- # limitations under the License.
17
- #
18
-
19
- require 'chef/knife'
20
- require 'chef/knife/bootstrap'
21
- require 'chef/encrypted_data_bag_item'
22
- require 'chef/knife/core/windows_bootstrap_context'
23
- require 'chef/knife/knife_windows_base'
24
- # Chef 11 PathHelper doesn't have #home
25
- #require 'chef/util/path_helper'
26
-
27
- class Chef
28
- class Knife
29
- module BootstrapWindowsBase
30
-
31
- include Chef::Knife::KnifeWindowsBase
32
-
33
- # :nodoc:
34
- # Would prefer to do this in a rational way, but can't be done b/c of
35
- # Mixlib::CLI's design :(
36
- def self.included(includer)
37
- includer.class_eval do
38
-
39
- deps do
40
- require 'readline'
41
- require 'chef/json_compat'
42
- end
43
-
44
- option :chef_node_name,
45
- :short => "-N NAME",
46
- :long => "--node-name NAME",
47
- :description => "The Chef node name for your new node"
48
-
49
- option :prerelease,
50
- :long => "--prerelease",
51
- :description => "Install the pre-release chef gems"
52
-
53
- option :bootstrap_version,
54
- :long => "--bootstrap-version VERSION",
55
- :description => "The version of Chef to install",
56
- :proc => Proc.new { |v| Chef::Config[:knife][:bootstrap_version] = v }
57
-
58
- option :bootstrap_proxy,
59
- :long => "--bootstrap-proxy PROXY_URL",
60
- :description => "The proxy server for the node being bootstrapped",
61
- :proc => Proc.new { |p| Chef::Config[:knife][:bootstrap_proxy] = p }
62
-
63
- option :bootstrap_no_proxy,
64
- :long => "--bootstrap-no-proxy [NO_PROXY_URL|NO_PROXY_IP]",
65
- :description => "Do not proxy locations for the node being bootstrapped; this option is used internally by Opscode",
66
- :proc => Proc.new { |np| Chef::Config[:knife][:bootstrap_no_proxy] = np }
67
-
68
- option :bootstrap_install_command,
69
- :long => "--bootstrap-install-command COMMANDS",
70
- :description => "Custom command to install chef-client",
71
- :proc => Proc.new { |ic| Chef::Config[:knife][:bootstrap_install_command] = ic }
72
-
73
- # DEPR: Remove this option in Chef 13
74
- option :distro,
75
- :short => "-d DISTRO",
76
- :long => "--distro DISTRO",
77
- :description => "Bootstrap a distro using a template. [DEPRECATED] Use -t / --bootstrap-template option instead.",
78
- :proc => Proc.new { |v|
79
- Chef::Log.warn("[DEPRECATED] -d / --distro option is deprecated. Use --bootstrap-template option instead.")
80
- v
81
- }
82
-
83
- option :bootstrap_template,
84
- :short => "-t TEMPLATE",
85
- :long => "--bootstrap-template TEMPLATE",
86
- :description => "Bootstrap Chef using a built-in or custom template. Set to the full path of an erb template or use one of the built-in templates."
87
-
88
- # DEPR: Remove this option in Chef 13
89
- option :template_file,
90
- :long => "--template-file TEMPLATE",
91
- :description => "Full path to location of template to use. [DEPRECATED] Use -t / --bootstrap-template option instead.",
92
- :proc => Proc.new { |v|
93
- Chef::Log.warn("[DEPRECATED] --template-file option is deprecated. Use --bootstrap-template option instead.")
94
- v
95
- }
96
-
97
- option :run_list,
98
- :short => "-r RUN_LIST",
99
- :long => "--run-list RUN_LIST",
100
- :description => "Comma separated list of roles/recipes to apply",
101
- :proc => lambda { |o| o.split(",") },
102
- :default => []
103
-
104
- option :hint,
105
- :long => "--hint HINT_NAME[=HINT_FILE]",
106
- :description => "Specify Ohai Hint to be set on the bootstrap target. Use multiple --hint options to specify multiple hints.",
107
- :proc => Proc.new { |h|
108
- Chef::Config[:knife][:hints] ||= Hash.new
109
- name, path = h.split("=")
110
- Chef::Config[:knife][:hints][name] = path ? Chef::JSONCompat.parse(::File.read(path)) : Hash.new
111
- }
112
-
113
- option :first_boot_attributes,
114
- :short => "-j JSON_ATTRIBS",
115
- :long => "--json-attributes",
116
- :description => "A JSON string to be added to the first run of chef-client",
117
- :proc => lambda { |o| JSON.parse(o) },
118
- :default => nil
119
-
120
- option :first_boot_attributes_from_file,
121
- :long => "--json-attribute-file FILE",
122
- :description => "A JSON file to be used to the first run of chef-client",
123
- :proc => lambda { |o| Chef::JSONCompat.parse(File.read(o)) },
124
- :default => nil
125
-
126
- # Mismatch between option 'encrypted_data_bag_secret' and it's long value '--secret' is by design for compatibility
127
- option :encrypted_data_bag_secret,
128
- :short => "-s SECRET",
129
- :long => "--secret ",
130
- :description => "The secret key to use to decrypt data bag item values. Will be rendered on the node at c:/chef/encrypted_data_bag_secret and set in the rendered client config.",
131
- :default => false
132
-
133
- # Mismatch between option 'encrypted_data_bag_secret_file' and it's long value '--secret-file' is by design for compatibility
134
- option :encrypted_data_bag_secret_file,
135
- :long => "--secret-file SECRET_FILE",
136
- :description => "A file containing the secret key to use to encrypt data bag item values. Will be rendered on the node at c:/chef/encrypted_data_bag_secret and set in the rendered client config."
137
-
138
- option :auth_timeout,
139
- :long => "--auth-timeout MINUTES",
140
- :description => "The maximum time in minutes to wait to for authentication over the transport to the node to succeed. The default value is 2 minutes.",
141
- :default => 2
142
-
143
- option :node_ssl_verify_mode,
144
- :long => "--node-ssl-verify-mode [peer|none]",
145
- :description => "Whether or not to verify the SSL cert for all HTTPS requests.",
146
- :proc => Proc.new { |v|
147
- valid_values = ["none", "peer"]
148
- unless valid_values.include?(v)
149
- raise "Invalid value '#{v}' for --node-ssl-verify-mode. Valid values are: #{valid_values.join(", ")}"
150
- end
151
- }
152
-
153
- option :node_verify_api_cert,
154
- :long => "--[no-]node-verify-api-cert",
155
- :description => "Verify the SSL cert for HTTPS requests to the Chef server API.",
156
- :boolean => true
157
-
158
- option :msi_url,
159
- :short => "-u URL",
160
- :long => "--msi-url URL",
161
- :description => "Location of the Chef Client MSI. The default templates will prefer to download from this location. The MSI will be downloaded from chef.io if not provided.",
162
- :default => ''
163
-
164
- option :install_as_service,
165
- :long => "--install-as-service",
166
- :description => "Install chef-client as a Windows service",
167
- :default => false
168
-
169
- option :bootstrap_vault_file,
170
- :long => '--bootstrap-vault-file VAULT_FILE',
171
- :description => 'A JSON file with a list of vault(s) and item(s) to be updated'
172
-
173
- option :bootstrap_vault_json,
174
- :long => '--bootstrap-vault-json VAULT_JSON',
175
- :description => 'A JSON string with the vault(s) and item(s) to be updated'
176
-
177
- option :bootstrap_vault_item,
178
- :long => '--bootstrap-vault-item VAULT_ITEM',
179
- :description => 'A single vault and item to update as "vault:item"',
180
- :proc => Proc.new { |i|
181
- (vault, item) = i.split(/:/)
182
- Chef::Config[:knife][:bootstrap_vault_item] ||= {}
183
- Chef::Config[:knife][:bootstrap_vault_item][vault] ||= []
184
- Chef::Config[:knife][:bootstrap_vault_item][vault].push(item)
185
- Chef::Config[:knife][:bootstrap_vault_item]
186
- }
187
-
188
- option :policy_name,
189
- :long => "--policy-name POLICY_NAME",
190
- :description => "Policyfile name to use (--policy-group must also be given)",
191
- :default => nil
192
-
193
- option :policy_group,
194
- :long => "--policy-group POLICY_GROUP",
195
- :description => "Policy group name to use (--policy-name must also be given)",
196
- :default => nil
197
-
198
- option :tags,
199
- :long => "--tags TAGS",
200
- :description => "Comma separated list of tags to apply to the node",
201
- :proc => lambda { |o| o.split(/[\s,]+/) },
202
- :default => []
203
- end
204
- end
205
-
206
- def default_bootstrap_template
207
- "windows-chef-client-msi"
208
- end
209
-
210
- def bootstrap_template
211
- # The order here is important. We want to check if we have the new Chef 12 option is set first.
212
- # Knife cloud plugins unfortunately all set a default option for the :distro so it should be at
213
- # the end.
214
- config[:bootstrap_template] || config[:template_file] || config[:distro] || default_bootstrap_template
215
- end
216
-
217
- # TODO: This should go away when CHEF-2193 is fixed
218
- def load_template(template=nil)
219
- # Are we bootstrapping using an already shipped template?
220
-
221
- template = bootstrap_template
222
-
223
- # Use the template directly if it's a path to an actual file
224
- if File.exists?(template)
225
- Chef::Log.debug("Using the specified bootstrap template: #{File.dirname(template)}")
226
- return IO.read(template).chomp
227
- end
228
-
229
- # Otherwise search the template directories until we find the right one
230
- bootstrap_files = []
231
- bootstrap_files << File.join(File.dirname(__FILE__), 'bootstrap/templates', "#{template}.erb")
232
- bootstrap_files << File.join(Knife.chef_config_dir, "bootstrap", "#{template}.erb") if Chef::Knife.chef_config_dir
233
- ::Knife::Windows::PathHelper.all_homes('.chef', 'bootstrap', "#{template}.erb") { |p| bootstrap_files << p }
234
- bootstrap_files << Gem.find_files(File.join("chef","knife","bootstrap","#{template}.erb"))
235
- bootstrap_files.flatten!
236
-
237
- template = Array(bootstrap_files).find do |bootstrap_template|
238
- Chef::Log.debug("Looking for bootstrap template in #{File.dirname(bootstrap_template)}")
239
- ::File.exists?(bootstrap_template)
240
- end
241
-
242
- unless template
243
- ui.info("Can not find bootstrap definition for #{config[:distro]}")
244
- raise Errno::ENOENT
245
- end
246
-
247
- Chef::Log.debug("Found bootstrap template in #{File.dirname(template)}")
248
-
249
- IO.read(template).chomp
250
- end
251
-
252
- def bootstrap_context
253
- @bootstrap_context ||= Knife::Core::WindowsBootstrapContext.new(config, config[:run_list], Chef::Config)
254
- end
255
-
256
- def load_correct_secret
257
- knife_secret_file = Chef::Config[:knife][:encrypted_data_bag_secret_file]
258
- knife_secret = Chef::Config[:knife][:encrypted_data_bag_secret]
259
- cli_secret_file = config[:encrypted_data_bag_secret_file]
260
- cli_secret = config[:encrypted_data_bag_secret]
261
-
262
- cli_secret_file = nil if cli_secret_file == knife_secret_file
263
- cli_secret = nil if cli_secret == knife_secret
264
-
265
- cli_secret_file = Chef::EncryptedDataBagItem.load_secret(cli_secret_file) if cli_secret_file != nil
266
- knife_secret_file = Chef::EncryptedDataBagItem.load_secret(knife_secret_file) if knife_secret_file != nil
267
-
268
- cli_secret_file || cli_secret || knife_secret_file || knife_secret
269
- end
270
-
271
- def render_template(template=nil)
272
- config[:secret] = load_correct_secret
273
- Erubis::Eruby.new(template).evaluate(bootstrap_context)
274
- end
275
-
276
- def bootstrap(proto=nil)
277
- if Chef::Config[:knife][:encrypted_data_bag_secret_file] || Chef::Config[:knife][:encrypted_data_bag_secret]
278
- warn_chef_config_secret_key
279
- end
280
-
281
- validate_name_args!
282
-
283
- # adding respond_to? so this works with pre 12.4 chef clients
284
- validate_options! if respond_to?(:validate_options!)
285
-
286
- @node_name = Array(@name_args).first
287
- # back compat--templates may use this setting:
288
- config[:server_name] = @node_name
289
-
290
- STDOUT.sync = STDERR.sync = true
291
-
292
- if Chef::VERSION.split('.').first.to_i == 11 && Chef::Config[:validation_key] && !File.exist?(File.expand_path(Chef::Config[:validation_key]))
293
- ui.error("Unable to find validation key. Please verify your configuration file for validation_key config value.")
294
- exit 1
295
- end
296
-
297
- if (defined?(chef_vault_handler) && chef_vault_handler.doing_chef_vault?) ||
298
- (Chef::Config[:validation_key] && !File.exist?(File.expand_path(Chef::Config[:validation_key])))
299
-
300
- unless locate_config_value(:chef_node_name)
301
- ui.error("You must pass a node name with -N when bootstrapping with user credentials")
302
- exit 1
303
- end
304
-
305
- client_builder.run
306
-
307
- if client_builder.respond_to?(:client)
308
- chef_vault_handler.run(client_builder.client)
309
- else
310
- chef_vault_handler.run(node_name: config[:chef_node_name])
311
- end
312
-
313
- bootstrap_context.client_pem = client_builder.client_path
314
-
315
- else
316
- ui.info("Doing old-style registration with the validation key at #{Chef::Config[:validation_key]}...")
317
- ui.info("Delete your validation key in order to use your user credentials instead")
318
- ui.info("")
319
- end
320
-
321
- wait_for_remote_response( config[:auth_timeout].to_i )
322
- ui.info("Bootstrapping Chef on #{ui.color(@node_name, :bold)}")
323
- # create a bootstrap.bat file on the node
324
- # we have to run the remote commands in 2047 char chunks
325
- create_bootstrap_bat_command do |command_chunk|
326
- begin
327
- render_command_result = run_command(command_chunk)
328
- ui.error("Batch render command returned #{render_command_result}") if render_command_result != 0
329
- render_command_result
330
- rescue SystemExit => e
331
- raise unless e.success?
332
- end
333
- end
334
-
335
- # execute the bootstrap.bat file
336
- bootstrap_command_result = run_command(bootstrap_command)
337
- ui.error("Bootstrap command returned #{bootstrap_command_result}") if bootstrap_command_result != 0
338
-
339
- bootstrap_command_result
340
- end
341
-
342
- protected
343
-
344
- # Default implementation -- override only if required by the transport
345
- def wait_for_remote_response(wait_max_minutes)
346
- end
347
-
348
- def bootstrap_command
349
- @bootstrap_command ||= "cmd.exe /C #{bootstrap_bat_file}"
350
- end
351
-
352
- def bootstrap_render_banner_command(chunk_num)
353
- "cmd.exe /C echo Rendering #{bootstrap_bat_file} chunk #{chunk_num}"
354
- end
355
-
356
- def escape_windows_batch_characters(line)
357
- # TODO: The commands are going to get redirected - do we need to escape &?
358
- line.gsub!(/[(<|>)^]/).each{|m| "^#{m}"}
359
- end
360
-
361
- def create_bootstrap_bat_command()
362
- chunk_num = 0
363
- bootstrap_bat = ""
364
- banner = bootstrap_render_banner_command(chunk_num += 1)
365
- render_template(load_template(config[:bootstrap_template])).each_line do |line|
366
- escape_windows_batch_characters(line)
367
- # We are guaranteed to have a prefix "banner" command that echo's chunk number. We can
368
- # confidently prefix every actual command with &&.
369
- # TODO: Why does ^\n&& work directly through the commandline but not through SOAP?
370
- render_line = " && >> #{bootstrap_bat_file} (echo.#{line.chomp.strip})"
371
- # Windows commands are limited to 8191 characters for machines running XP or higher but
372
- # this includes the length of environment variables after they have been expanded.
373
- # Since we don't actually know how long %TEMP% (and it's used twice - once in the banner
374
- # and once in every command redirection), we simply guess and set the max to 5000.
375
- # TODO: When a more accurate method is available, fix this.
376
- if bootstrap_bat.length + render_line.length + banner.length > 5000
377
- # Can't fit it into this chunk? - flush (if necessary) and then try.
378
- # Do this first because banner.length might change (e.g. due to an extra digit) and
379
- # prevent a fit.
380
- unless bootstrap_bat.empty?
381
- yield banner + bootstrap_bat
382
- bootstrap_bat = ""
383
- banner = bootstrap_render_banner_command(chunk_num += 1)
384
- end
385
- # Will this ever fit?
386
- if render_line.length + banner.length > 5000
387
- raise "Command in bootstrap template too long by #{render_line.length + banner.length - 5000} characters : #{line}"
388
- end
389
- end
390
- bootstrap_bat << render_line
391
- end
392
- raise "Bootstrap template was empty! Check #{config[:bootstrap_template]}" if bootstrap_bat.empty?
393
- yield banner + bootstrap_bat
394
- end
395
-
396
- def bootstrap_bat_file
397
- @bootstrap_bat_file ||= "\"%TEMP%\\bootstrap-#{Process.pid}-#{Time.now.to_i}.bat\""
398
- end
399
-
400
- def warn_chef_config_secret_key
401
- ui.info "* " * 40
402
- ui.warn(<<-WARNING)
403
- \nSpecifying the encrypted data bag secret key using an 'encrypted_data_bag_secret'
404
- entry in 'knife.rb' is deprecated. Please use the '--secret' or '--secret-file'
405
- options of this command instead.
406
-
407
- #{ui.color('IMPORTANT:', :red, :bold)} In a future version of Chef, this
408
- behavior will be removed and any 'encrypted_data_bag_secret' entries in
409
- 'knife.rb' will be ignored completely.
410
- WARNING
411
- ui.info "* " * 40
412
- end
413
- end
414
- end
415
- end
1
+ #
2
+ # Author:: Seth Chisamore (<schisamo@opscode.com>)
3
+ # Copyright:: Copyright (c) 2011 Opscode, Inc.
4
+ # License:: Apache License, Version 2.0
5
+ #
6
+ # Licensed under the Apache License, Version 2.0 (the "License");
7
+ # you may not use this file except in compliance with the License.
8
+ # You may obtain a copy of the License at
9
+ #
10
+ # http://www.apache.org/licenses/LICENSE-2.0
11
+ #
12
+ # Unless required by applicable law or agreed to in writing, software
13
+ # distributed under the License is distributed on an "AS IS" BASIS,
14
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15
+ # See the License for the specific language governing permissions and
16
+ # limitations under the License.
17
+ #
18
+
19
+ require 'chef/knife'
20
+ require 'chef/knife/bootstrap'
21
+ require 'chef/encrypted_data_bag_item'
22
+ require 'chef/knife/core/windows_bootstrap_context'
23
+ require 'chef/knife/knife_windows_base'
24
+ # Chef 11 PathHelper doesn't have #home
25
+ #require 'chef/util/path_helper'
26
+
27
+ class Chef
28
+ class Knife
29
+ module BootstrapWindowsBase
30
+
31
+ include Chef::Knife::KnifeWindowsBase
32
+
33
+ # :nodoc:
34
+ # Would prefer to do this in a rational way, but can't be done b/c of
35
+ # Mixlib::CLI's design :(
36
+ def self.included(includer)
37
+ includer.class_eval do
38
+
39
+ deps do
40
+ require 'readline'
41
+ require 'chef/json_compat'
42
+ end
43
+
44
+ option :chef_node_name,
45
+ :short => "-N NAME",
46
+ :long => "--node-name NAME",
47
+ :description => "The Chef node name for your new node"
48
+
49
+ option :prerelease,
50
+ :long => "--prerelease",
51
+ :description => "Install the pre-release chef gems"
52
+
53
+ option :bootstrap_version,
54
+ :long => "--bootstrap-version VERSION",
55
+ :description => "The version of Chef to install",
56
+ :proc => Proc.new { |v| Chef::Config[:knife][:bootstrap_version] = v }
57
+
58
+ option :bootstrap_proxy,
59
+ :long => "--bootstrap-proxy PROXY_URL",
60
+ :description => "The proxy server for the node being bootstrapped",
61
+ :proc => Proc.new { |p| Chef::Config[:knife][:bootstrap_proxy] = p }
62
+
63
+ option :bootstrap_no_proxy,
64
+ :long => "--bootstrap-no-proxy [NO_PROXY_URL|NO_PROXY_IP]",
65
+ :description => "Do not proxy locations for the node being bootstrapped; this option is used internally by Opscode",
66
+ :proc => Proc.new { |np| Chef::Config[:knife][:bootstrap_no_proxy] = np }
67
+
68
+ option :bootstrap_install_command,
69
+ :long => "--bootstrap-install-command COMMANDS",
70
+ :description => "Custom command to install chef-client",
71
+ :proc => Proc.new { |ic| Chef::Config[:knife][:bootstrap_install_command] = ic }
72
+
73
+ # DEPR: Remove this option in Chef 13
74
+ option :distro,
75
+ :short => "-d DISTRO",
76
+ :long => "--distro DISTRO",
77
+ :description => "Bootstrap a distro using a template. [DEPRECATED] Use -t / --bootstrap-template option instead.",
78
+ :proc => Proc.new { |v|
79
+ Chef::Log.warn("[DEPRECATED] -d / --distro option is deprecated. Use --bootstrap-template option instead.")
80
+ v
81
+ }
82
+
83
+ option :bootstrap_template,
84
+ :short => "-t TEMPLATE",
85
+ :long => "--bootstrap-template TEMPLATE",
86
+ :description => "Bootstrap Chef using a built-in or custom template. Set to the full path of an erb template or use one of the built-in templates."
87
+
88
+ # DEPR: Remove this option in Chef 13
89
+ option :template_file,
90
+ :long => "--template-file TEMPLATE",
91
+ :description => "Full path to location of template to use. [DEPRECATED] Use -t / --bootstrap-template option instead.",
92
+ :proc => Proc.new { |v|
93
+ Chef::Log.warn("[DEPRECATED] --template-file option is deprecated. Use --bootstrap-template option instead.")
94
+ v
95
+ }
96
+
97
+ option :run_list,
98
+ :short => "-r RUN_LIST",
99
+ :long => "--run-list RUN_LIST",
100
+ :description => "Comma separated list of roles/recipes to apply",
101
+ :proc => lambda { |o| o.split(",") },
102
+ :default => []
103
+
104
+ option :hint,
105
+ :long => "--hint HINT_NAME[=HINT_FILE]",
106
+ :description => "Specify Ohai Hint to be set on the bootstrap target. Use multiple --hint options to specify multiple hints.",
107
+ :proc => Proc.new { |h|
108
+ Chef::Config[:knife][:hints] ||= Hash.new
109
+ name, path = h.split("=")
110
+ Chef::Config[:knife][:hints][name] = path ? Chef::JSONCompat.parse(::File.read(path)) : Hash.new
111
+ }
112
+
113
+ option :first_boot_attributes,
114
+ :short => "-j JSON_ATTRIBS",
115
+ :long => "--json-attributes",
116
+ :description => "A JSON string to be added to the first run of chef-client",
117
+ :proc => lambda { |o| JSON.parse(o) },
118
+ :default => nil
119
+
120
+ option :first_boot_attributes_from_file,
121
+ :long => "--json-attribute-file FILE",
122
+ :description => "A JSON file to be used to the first run of chef-client",
123
+ :proc => lambda { |o| Chef::JSONCompat.parse(File.read(o)) },
124
+ :default => nil
125
+
126
+ # Mismatch between option 'encrypted_data_bag_secret' and it's long value '--secret' is by design for compatibility
127
+ option :encrypted_data_bag_secret,
128
+ :short => "-s SECRET",
129
+ :long => "--secret ",
130
+ :description => "The secret key to use to decrypt data bag item values. Will be rendered on the node at c:/chef/encrypted_data_bag_secret and set in the rendered client config.",
131
+ :default => false
132
+
133
+ # Mismatch between option 'encrypted_data_bag_secret_file' and it's long value '--secret-file' is by design for compatibility
134
+ option :encrypted_data_bag_secret_file,
135
+ :long => "--secret-file SECRET_FILE",
136
+ :description => "A file containing the secret key to use to encrypt data bag item values. Will be rendered on the node at c:/chef/encrypted_data_bag_secret and set in the rendered client config."
137
+
138
+ option :auth_timeout,
139
+ :long => "--auth-timeout MINUTES",
140
+ :description => "The maximum time in minutes to wait to for authentication over the transport to the node to succeed. The default value is 2 minutes.",
141
+ :default => 2
142
+
143
+ option :node_ssl_verify_mode,
144
+ :long => "--node-ssl-verify-mode [peer|none]",
145
+ :description => "Whether or not to verify the SSL cert for all HTTPS requests.",
146
+ :proc => Proc.new { |v|
147
+ valid_values = ["none", "peer"]
148
+ unless valid_values.include?(v)
149
+ raise "Invalid value '#{v}' for --node-ssl-verify-mode. Valid values are: #{valid_values.join(", ")}"
150
+ end
151
+ }
152
+
153
+ option :node_verify_api_cert,
154
+ :long => "--[no-]node-verify-api-cert",
155
+ :description => "Verify the SSL cert for HTTPS requests to the Chef server API.",
156
+ :boolean => true
157
+
158
+ option :msi_url,
159
+ :short => "-u URL",
160
+ :long => "--msi-url URL",
161
+ :description => "Location of the Chef Client MSI. The default templates will prefer to download from this location. The MSI will be downloaded from chef.io if not provided.",
162
+ :default => ''
163
+
164
+ option :install_as_service,
165
+ :long => "--install-as-service",
166
+ :description => "Install chef-client as a Windows service",
167
+ :default => false
168
+
169
+ option :bootstrap_vault_file,
170
+ :long => '--bootstrap-vault-file VAULT_FILE',
171
+ :description => 'A JSON file with a list of vault(s) and item(s) to be updated'
172
+
173
+ option :bootstrap_vault_json,
174
+ :long => '--bootstrap-vault-json VAULT_JSON',
175
+ :description => 'A JSON string with the vault(s) and item(s) to be updated'
176
+
177
+ option :bootstrap_vault_item,
178
+ :long => '--bootstrap-vault-item VAULT_ITEM',
179
+ :description => 'A single vault and item to update as "vault:item"',
180
+ :proc => Proc.new { |i|
181
+ (vault, item) = i.split(/:/)
182
+ Chef::Config[:knife][:bootstrap_vault_item] ||= {}
183
+ Chef::Config[:knife][:bootstrap_vault_item][vault] ||= []
184
+ Chef::Config[:knife][:bootstrap_vault_item][vault].push(item)
185
+ Chef::Config[:knife][:bootstrap_vault_item]
186
+ }
187
+
188
+ option :policy_name,
189
+ :long => "--policy-name POLICY_NAME",
190
+ :description => "Policyfile name to use (--policy-group must also be given)",
191
+ :default => nil
192
+
193
+ option :policy_group,
194
+ :long => "--policy-group POLICY_GROUP",
195
+ :description => "Policy group name to use (--policy-name must also be given)",
196
+ :default => nil
197
+
198
+ option :tags,
199
+ :long => "--tags TAGS",
200
+ :description => "Comma separated list of tags to apply to the node",
201
+ :proc => lambda { |o| o.split(/[\s,]+/) },
202
+ :default => []
203
+ end
204
+ end
205
+
206
+ def default_bootstrap_template
207
+ "windows-chef-client-msi"
208
+ end
209
+
210
+ def bootstrap_template
211
+ # The order here is important. We want to check if we have the new Chef 12 option is set first.
212
+ # Knife cloud plugins unfortunately all set a default option for the :distro so it should be at
213
+ # the end.
214
+ config[:bootstrap_template] || config[:template_file] || config[:distro] || default_bootstrap_template
215
+ end
216
+
217
+ # TODO: This should go away when CHEF-2193 is fixed
218
+ def load_template(template=nil)
219
+ # Are we bootstrapping using an already shipped template?
220
+
221
+ template = bootstrap_template
222
+
223
+ # Use the template directly if it's a path to an actual file
224
+ if File.exists?(template)
225
+ Chef::Log.debug("Using the specified bootstrap template: #{File.dirname(template)}")
226
+ return IO.read(template).chomp
227
+ end
228
+
229
+ # Otherwise search the template directories until we find the right one
230
+ bootstrap_files = []
231
+ bootstrap_files << File.join(File.dirname(__FILE__), 'bootstrap/templates', "#{template}.erb")
232
+ bootstrap_files << File.join(Knife.chef_config_dir, "bootstrap", "#{template}.erb") if Chef::Knife.chef_config_dir
233
+ ::Knife::Windows::PathHelper.all_homes('.chef', 'bootstrap', "#{template}.erb") { |p| bootstrap_files << p }
234
+ bootstrap_files << Gem.find_files(File.join("chef","knife","bootstrap","#{template}.erb"))
235
+ bootstrap_files.flatten!
236
+
237
+ template = Array(bootstrap_files).find do |bootstrap_template|
238
+ Chef::Log.debug("Looking for bootstrap template in #{File.dirname(bootstrap_template)}")
239
+ ::File.exists?(bootstrap_template)
240
+ end
241
+
242
+ unless template
243
+ ui.info("Can not find bootstrap definition for #{config[:distro]}")
244
+ raise Errno::ENOENT
245
+ end
246
+
247
+ Chef::Log.debug("Found bootstrap template in #{File.dirname(template)}")
248
+
249
+ IO.read(template).chomp
250
+ end
251
+
252
+ def bootstrap_context
253
+ @bootstrap_context ||= Knife::Core::WindowsBootstrapContext.new(config, config[:run_list], Chef::Config)
254
+ end
255
+
256
+ def load_correct_secret
257
+ knife_secret_file = Chef::Config[:knife][:encrypted_data_bag_secret_file]
258
+ knife_secret = Chef::Config[:knife][:encrypted_data_bag_secret]
259
+ cli_secret_file = config[:encrypted_data_bag_secret_file]
260
+ cli_secret = config[:encrypted_data_bag_secret]
261
+
262
+ cli_secret_file = nil if cli_secret_file == knife_secret_file
263
+ cli_secret = nil if cli_secret == knife_secret
264
+
265
+ cli_secret_file = Chef::EncryptedDataBagItem.load_secret(cli_secret_file) if cli_secret_file != nil
266
+ knife_secret_file = Chef::EncryptedDataBagItem.load_secret(knife_secret_file) if knife_secret_file != nil
267
+
268
+ cli_secret_file || cli_secret || knife_secret_file || knife_secret
269
+ end
270
+
271
+ def render_template(template=nil)
272
+ config[:secret] = load_correct_secret
273
+ Erubis::Eruby.new(template).evaluate(bootstrap_context)
274
+ end
275
+
276
+ def bootstrap(proto=nil)
277
+ if Chef::Config[:knife][:encrypted_data_bag_secret_file] || Chef::Config[:knife][:encrypted_data_bag_secret]
278
+ warn_chef_config_secret_key
279
+ end
280
+
281
+ validate_name_args!
282
+
283
+ # adding respond_to? so this works with pre 12.4 chef clients
284
+ validate_options! if respond_to?(:validate_options!)
285
+
286
+ @node_name = Array(@name_args).first
287
+ # back compat--templates may use this setting:
288
+ config[:server_name] = @node_name
289
+
290
+ STDOUT.sync = STDERR.sync = true
291
+
292
+ if Chef::VERSION.split('.').first.to_i == 11 && Chef::Config[:validation_key] && !File.exist?(File.expand_path(Chef::Config[:validation_key]))
293
+ ui.error("Unable to find validation key. Please verify your configuration file for validation_key config value.")
294
+ exit 1
295
+ end
296
+
297
+ if (defined?(chef_vault_handler) && chef_vault_handler.doing_chef_vault?) ||
298
+ (Chef::Config[:validation_key] && !File.exist?(File.expand_path(Chef::Config[:validation_key])))
299
+
300
+ unless locate_config_value(:chef_node_name)
301
+ ui.error("You must pass a node name with -N when bootstrapping with user credentials")
302
+ exit 1
303
+ end
304
+
305
+ client_builder.run
306
+
307
+ if client_builder.respond_to?(:client)
308
+ chef_vault_handler.run(client_builder.client)
309
+ else
310
+ chef_vault_handler.run(node_name: config[:chef_node_name])
311
+ end
312
+
313
+ bootstrap_context.client_pem = client_builder.client_path
314
+
315
+ else
316
+ ui.info("Doing old-style registration with the validation key at #{Chef::Config[:validation_key]}...")
317
+ ui.info("Delete your validation key in order to use your user credentials instead")
318
+ ui.info("")
319
+ end
320
+
321
+ wait_for_remote_response( config[:auth_timeout].to_i )
322
+ ui.info("Bootstrapping Chef on #{ui.color(@node_name, :bold)}")
323
+ # create a bootstrap.bat file on the node
324
+ # we have to run the remote commands in 2047 char chunks
325
+ create_bootstrap_bat_command do |command_chunk|
326
+ begin
327
+ render_command_result = run_command(command_chunk)
328
+ ui.error("Batch render command returned #{render_command_result}") if render_command_result != 0
329
+ render_command_result
330
+ rescue SystemExit => e
331
+ raise unless e.success?
332
+ end
333
+ end
334
+
335
+ # execute the bootstrap.bat file
336
+ bootstrap_command_result = run_command(bootstrap_command)
337
+ ui.error("Bootstrap command returned #{bootstrap_command_result}") if bootstrap_command_result != 0
338
+
339
+ bootstrap_command_result
340
+ end
341
+
342
+ protected
343
+
344
+ # Default implementation -- override only if required by the transport
345
+ def wait_for_remote_response(wait_max_minutes)
346
+ end
347
+
348
+ def bootstrap_command
349
+ @bootstrap_command ||= "cmd.exe /C #{bootstrap_bat_file}"
350
+ end
351
+
352
+ def bootstrap_render_banner_command(chunk_num)
353
+ "cmd.exe /C echo Rendering #{bootstrap_bat_file} chunk #{chunk_num}"
354
+ end
355
+
356
+ def escape_windows_batch_characters(line)
357
+ # TODO: The commands are going to get redirected - do we need to escape &?
358
+ line.gsub!(/[(<|>)^]/).each{|m| "^#{m}"}
359
+ end
360
+
361
+ def create_bootstrap_bat_command()
362
+ chunk_num = 0
363
+ bootstrap_bat = ""
364
+ banner = bootstrap_render_banner_command(chunk_num += 1)
365
+ render_template(load_template(config[:bootstrap_template])).each_line do |line|
366
+ escape_windows_batch_characters(line)
367
+ # We are guaranteed to have a prefix "banner" command that echo's chunk number. We can
368
+ # confidently prefix every actual command with &&.
369
+ # TODO: Why does ^\n&& work directly through the commandline but not through SOAP?
370
+ render_line = " && >> #{bootstrap_bat_file} (echo.#{line.chomp.strip})"
371
+ # Windows commands are limited to 8191 characters for machines running XP or higher but
372
+ # this includes the length of environment variables after they have been expanded.
373
+ # Since we don't actually know how long %TEMP% (and it's used twice - once in the banner
374
+ # and once in every command redirection), we simply guess and set the max to 5000.
375
+ # TODO: When a more accurate method is available, fix this.
376
+ if bootstrap_bat.length + render_line.length + banner.length > 5000
377
+ # Can't fit it into this chunk? - flush (if necessary) and then try.
378
+ # Do this first because banner.length might change (e.g. due to an extra digit) and
379
+ # prevent a fit.
380
+ unless bootstrap_bat.empty?
381
+ yield banner + bootstrap_bat
382
+ bootstrap_bat = ""
383
+ banner = bootstrap_render_banner_command(chunk_num += 1)
384
+ end
385
+ # Will this ever fit?
386
+ if render_line.length + banner.length > 5000
387
+ raise "Command in bootstrap template too long by #{render_line.length + banner.length - 5000} characters : #{line}"
388
+ end
389
+ end
390
+ bootstrap_bat << render_line
391
+ end
392
+ raise "Bootstrap template was empty! Check #{config[:bootstrap_template]}" if bootstrap_bat.empty?
393
+ yield banner + bootstrap_bat
394
+ end
395
+
396
+ def bootstrap_bat_file
397
+ @bootstrap_bat_file ||= "\"%TEMP%\\bootstrap-#{Process.pid}-#{Time.now.to_i}.bat\""
398
+ end
399
+
400
+ def warn_chef_config_secret_key
401
+ ui.info "* " * 40
402
+ ui.warn(<<-WARNING)
403
+ \nSpecifying the encrypted data bag secret key using an 'encrypted_data_bag_secret'
404
+ entry in 'knife.rb' is deprecated. Please use the '--secret' or '--secret-file'
405
+ options of this command instead.
406
+
407
+ #{ui.color('IMPORTANT:', :red, :bold)} In a future version of Chef, this
408
+ behavior will be removed and any 'encrypted_data_bag_secret' entries in
409
+ 'knife.rb' will be ignored completely.
410
+ WARNING
411
+ ui.info "* " * 40
412
+ end
413
+ end
414
+ end
415
+ end