knife-windows 1.2.0 → 1.2.1

data/lib/chef/knife/winrm_session.rb

@@ -1,87 +1,87 @@
-#
-# Author:: Steven Murawski <smurawski@chef.io>
-# Copyright:: Copyright (c) 2015 Chef Software, Inc.
-# License:: Apache License, Version 2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-require 'chef/application'
-require 'winrm'
-
-class Chef
-  class Knife
-    class WinrmSession
-      attr_reader :host, :endpoint, :port, :output, :error, :exit_code
-
-      def initialize(options)
-        configure_proxy
-        
-        @host = options[:host]
-        @port = options[:port]
-        url = "#{options[:host]}:#{options[:port]}/wsman"
-        scheme = options[:transport] == :ssl ? 'https' : 'http'
-        @endpoint = "#{scheme}://#{url}"
-        
-        opts = Hash.new
-        opts = {:user => options[:user], :pass => options[:password], :basic_auth_only => options[:basic_auth_only], :disable_sspi => options[:disable_sspi], :no_ssl_peer_verification => options[:no_ssl_peer_verification]}
-        options[:transport] == :kerberos ? opts.merge!({:service => options[:service], :realm => options[:realm], :keytab => options[:keytab]}) : opts.merge!({:ca_trust_path => options[:ca_trust_path]})
-
-        Chef::Log.debug("WinRM::WinRMWebService options: #{opts}")
-        Chef::Log.debug("Endpoint: #{endpoint}")
-        Chef::Log.debug("Transport: #{options[:transport]}")
-        
-        @winrm_session = WinRM::WinRMWebService.new(@endpoint, options[:transport], opts)
-        @winrm_session.set_timeout(options[:operation_timeout]) if options[:operation_timeout]
-      end
-
-      def relay_command(command)
-        remote_id = @winrm_session.open_shell
-        command_id = @winrm_session.run_command(remote_id, command)
-        Chef::Log.debug("#{@host}[#{remote_id}] => :run_command[#{command}]")
-        session_result = get_output(remote_id, command_id)
-        @winrm_session.cleanup_command(remote_id, command_id)
-        Chef::Log.debug("#{@host}[#{remote_id}] => :command_cleanup[#{command}]")
-        @exit_code = session_result[:exitcode]
-        @winrm_session.close_shell(remote_id)
-        Chef::Log.debug("#{@host}[#{remote_id}] => :shell_close")
-      end
-
-      private
-
-      def get_output(remote_id, command_id)
-        @winrm_session.get_command_output(remote_id, command_id) do |out,error|
-          print_data(@host, out) if out
-          print_data(@host, error, :red) if error
-        end
-      end
-
-      def print_data(host, data, color = :cyan)
-        if data =~ /\n/
-          data.split(/\n/).each { |d| print_data(host, d, color) }
-        elsif !data.nil?
-          print Chef::Knife::Winrm.ui.color(host, color)
-          puts " #{data}"
-        end
-      end
-
-      def configure_proxy
-        if Chef::Config.respond_to?(:export_proxies)
-          Chef::Config.export_proxies
-        else
-          Chef::Application.new.configure_proxy_environment_variables
-        end
-      end
-    end
-  end
+#
+# Author:: Steven Murawski <smurawski@chef.io>
+# Copyright:: Copyright (c) 2015 Chef Software, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'chef/application'
+require 'winrm'
+
+class Chef
+  class Knife
+    class WinrmSession
+      attr_reader :host, :endpoint, :port, :output, :error, :exit_code
+
+      def initialize(options)
+        configure_proxy
+        
+        @host = options[:host]
+        @port = options[:port]
+        url = "#{options[:host]}:#{options[:port]}/wsman"
+        scheme = options[:transport] == :ssl ? 'https' : 'http'
+        @endpoint = "#{scheme}://#{url}"
+        
+        opts = Hash.new
+        opts = {:user => options[:user], :pass => options[:password], :basic_auth_only => options[:basic_auth_only], :disable_sspi => options[:disable_sspi], :no_ssl_peer_verification => options[:no_ssl_peer_verification]}
+        options[:transport] == :kerberos ? opts.merge!({:service => options[:service], :realm => options[:realm], :keytab => options[:keytab]}) : opts.merge!({:ca_trust_path => options[:ca_trust_path]})
+
+        Chef::Log.debug("WinRM::WinRMWebService options: #{opts}")
+        Chef::Log.debug("Endpoint: #{endpoint}")
+        Chef::Log.debug("Transport: #{options[:transport]}")
+        
+        @winrm_session = WinRM::WinRMWebService.new(@endpoint, options[:transport], opts)
+        @winrm_session.set_timeout(options[:operation_timeout]) if options[:operation_timeout]
+      end
+
+      def relay_command(command)
+        remote_id = @winrm_session.open_shell
+        command_id = @winrm_session.run_command(remote_id, command)
+        Chef::Log.debug("#{@host}[#{remote_id}] => :run_command[#{command}]")
+        session_result = get_output(remote_id, command_id)
+        @winrm_session.cleanup_command(remote_id, command_id)
+        Chef::Log.debug("#{@host}[#{remote_id}] => :command_cleanup[#{command}]")
+        @exit_code = session_result[:exitcode]
+        @winrm_session.close_shell(remote_id)
+        Chef::Log.debug("#{@host}[#{remote_id}] => :shell_close")
+      end
+
+      private
+
+      def get_output(remote_id, command_id)
+        @winrm_session.get_command_output(remote_id, command_id) do |out,error|
+          print_data(@host, out) if out
+          print_data(@host, error, :red) if error
+        end
+      end
+
+      def print_data(host, data, color = :cyan)
+        if data =~ /\n/
+          data.split(/\n/).each { |d| print_data(host, d, color) }
+        elsif !data.nil?
+          print Chef::Knife::Winrm.ui.color(host, color)
+          puts " #{data}"
+        end
+      end
+
+      def configure_proxy
+        if Chef::Config.respond_to?(:export_proxies)
+          Chef::Config.export_proxies
+        else
+          Chef::Application.new.configure_proxy_environment_variables
+        end
+      end
+    end
+  end
 end

data/lib/chef/knife/winrm_shared_options.rb

@@ -1,47 +1,47 @@
-#
-# Author:: Steven Murawski (<smurawski@chef.io)
-# Copyright:: Copyright (c) 2015 Chef Software, Inc.
-# License:: Apache License, Version 2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-require 'chef/knife'
-require 'chef/encrypted_data_bag_item'
-require 'kconv'
-
-class Chef
-  class Knife
-    module WinrmSharedOptions
-
-      # Shared command line options for knife winrm and knife wsman test
-      def self.included(includer)
-        includer.class_eval do
-          option :manual,
-            :short => "-m",
-            :long => "--manual-list",
-            :boolean => true,
-            :description => "QUERY is a space separated list of servers",
-            :default => false
-
-          option :attribute,
-            :short => "-a ATTR",
-            :long => "--attribute ATTR",
-            :description => "The attribute to use for opening the connection - default is fqdn",
-            :default => "fqdn"
-        end
-      end
-
-    end
-  end
-end
+#
+# Author:: Steven Murawski (<smurawski@chef.io)
+# Copyright:: Copyright (c) 2015 Chef Software, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'chef/knife'
+require 'chef/encrypted_data_bag_item'
+require 'kconv'
+
+class Chef
+  class Knife
+    module WinrmSharedOptions
+
+      # Shared command line options for knife winrm and knife wsman test
+      def self.included(includer)
+        includer.class_eval do
+          option :manual,
+            :short => "-m",
+            :long => "--manual-list",
+            :boolean => true,
+            :description => "QUERY is a space separated list of servers",
+            :default => false
+
+          option :attribute,
+            :short => "-a ATTR",
+            :long => "--attribute ATTR",
+            :description => "The attribute to use for opening the connection - default is fqdn",
+            :default => "fqdn"
+        end
+      end
+
+    end
+  end
+end

data/lib/chef/knife/wsman_endpoint.rb

@@ -1,44 +1,44 @@
-#
-# Author:: Steven Murawski (<smurawski@chef.io)
-# Copyright:: Copyright (c) 2015 Chef Software, Inc.
-# License:: Apache License, Version 2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-class Chef
-  class Knife
-    class WsmanEndpoint
-      attr_accessor :host
-      attr_accessor :wsman_port
-      attr_accessor :wsman_url
-      attr_accessor :product_version
-      attr_accessor :protocol_version
-      attr_accessor :product_vendor
-      attr_accessor :response_status_code
-      attr_accessor :error_message
-
-      def initialize(name, port, url)
-        @host = name
-        @wsman_port = port
-        @wsman_url = url
-      end
-
-      def to_hash
-        hash = {}
-        instance_variables.each {|var| hash[var.to_s.delete("@")] = instance_variable_get(var) }
-        hash
-      end
-    end
-  end
-end
+#
+# Author:: Steven Murawski (<smurawski@chef.io)
+# Copyright:: Copyright (c) 2015 Chef Software, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+class Chef
+  class Knife
+    class WsmanEndpoint
+      attr_accessor :host
+      attr_accessor :wsman_port
+      attr_accessor :wsman_url
+      attr_accessor :product_version
+      attr_accessor :protocol_version
+      attr_accessor :product_vendor
+      attr_accessor :response_status_code
+      attr_accessor :error_message
+
+      def initialize(name, port, url)
+        @host = name
+        @wsman_port = port
+        @wsman_url = url
+      end
+
+      def to_hash
+        hash = {}
+        instance_variables.each {|var| hash[var.to_s.delete("@")] = instance_variable_get(var) }
+        hash
+      end
+    end
+  end
+end

data/lib/chef/knife/wsman_test.rb

@@ -1,95 +1,117 @@
-#
-# Author:: Steven Murawski (<smurawski@chef.io>)
-# Copyright:: Copyright (c) 2015 Chef Software, Inc.
-# License:: Apache License, Version 2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-require 'httpclient'
-require 'chef/knife'
-require 'chef/knife/winrm_knife_base'
-require 'chef/knife/wsman_endpoint'
-
-class Chef
-  class Knife
-    class WsmanTest < Knife
-
-      include Chef::Knife::WinrmCommandSharedFunctions
-
-      deps do
-        require 'chef/search/query'
-      end
-
-      banner "knife wsman test QUERY (options)"
-
-      def run
-        @config[:winrm_authentication_protocol] = 'basic'
-        configure_session
-        verify_wsman_accessiblity_for_nodes
-      end
-
-      def verify_wsman_accessiblity_for_nodes
-        error_count = 0
-        @winrm_sessions.each do |item|
-          Chef::Log.debug("checking for WSMAN availability at #{item.endpoint}")
-
-          xml = '<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:wsmid="http://schemas.dmtf.org/wbem/wsman/identity/1/wsmanidentity.xsd"><s:Header/><s:Body><wsmid:Identify/></s:Body></s:Envelope>'
-          header = {
-            'WSMANIDENTIFY' => 'unauthenticated',
-            'Content-Type' => 'application/soap+xml; charset=UTF-8'
-          }
-          output_object = Chef::Knife::WsmanEndpoint.new(item.host, item.port, item.endpoint)
-          error_message = nil
-          begin
-            client = HTTPClient.new
-            response = client.post(item.endpoint, xml, header)
-          rescue Exception => e
-            error_message = e.message
-          else
-            ui.msg "Connected successfully to #{item.host} at #{item.endpoint}."
-            output_object.response_status_code = response.status_code
-          end
-
-          if response.nil? || output_object.response_status_code != 200
-            error_message = "No valid WSMan endoint listening at #{item.endpoint}."
-          else
-            require 'nokogiri'
-            doc = Nokogiri::XML response.body
-            namespace = 'http://schemas.dmtf.org/wbem/wsman/identity/1/wsmanidentity.xsd'
-            output_object.protocol_version = doc.xpath('//wsmid:ProtocolVersion', 'wsmid' => namespace).text
-            output_object.product_version  = doc.xpath('//wsmid:ProductVersion',  'wsmid' => namespace).text
-            output_object.product_vendor  = doc.xpath('//wsmid:ProductVendor',   'wsmid' => namespace).text
-            if output_object.protocol_version.to_s.strip.length == 0
-              error_message = "Endpoint #{item.endpoint} on #{item.host} does not appear to be a WSMAN endpoint."
-            end
-          end
-
-          unless error_message.nil?
-            ui.warn "Failed to connect to #{item.host} at #{item.endpoint}."
-            output_object.error_message = error_message
-            error_count += 1
-          end
-
-          if config[:verbosity] >= 1
-            output(output_object)
-          end
-        end
-        if error_count > 0
-          ui.error "Failed to connect to #{error_count} nodes."
-          exit 1
-        end
-      end
-    end
-  end
-end
+#
+# Author:: Steven Murawski (<smurawski@chef.io>)
+# Copyright:: Copyright (c) 2015 Chef Software, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'httpclient'
+require 'chef/knife'
+require 'chef/knife/winrm_knife_base'
+require 'chef/knife/wsman_endpoint'
+
+class Chef
+  class Knife
+    class WsmanTest < Knife
+
+      include Chef::Knife::WinrmCommandSharedFunctions
+
+      deps do
+        require 'chef/search/query'
+      end
+
+      banner "knife wsman test QUERY (options)"
+
+      def run
+        # pass a dummy password to avoid prompt for password
+        # but it does nothing
+        @config[:winrm_password] = 'cute_little_kittens'
+
+        configure_session
+        verify_wsman_accessiblity_for_nodes
+      end
+
+      private
+
+      def verify_wsman_accessiblity_for_nodes
+        error_count = 0
+        @winrm_sessions.each do |item|
+          Chef::Log.debug("checking for WSMAN availability at #{item.endpoint}")
+
+          ssl_error = nil
+          begin
+            response = post_identity_request(item.endpoint)
+            ui.msg "Connected successfully to #{item.host} at #{item.endpoint}."
+          rescue Exception => err
+          end
+
+          output_object = parse_response(item, response)
+          output_object.error_message += "\r\nError returned from endpoint: #{err.message}" if err
+
+          unless output_object.error_message.nil?
+            ui.warn "Failed to connect to #{item.host} at #{item.endpoint}."
+            if err && err.is_a?(OpenSSL::SSL::SSLError)
+              ui.warn "Failure due to an issue with SSL; likely cause would be unsuccesful certificate verification."
+              ui.warn "Either ensure your certificate is valid or use '--winrm-ssl-verify-mode verify_none' to ignore verification failures."
+            end
+            error_count += 1
+          end
+
+          if config[:verbosity] >= 1
+            output(output_object)
+          end
+        end
+        if error_count > 0
+          ui.error "Failed to connect to #{error_count} nodes."
+          exit 1
+        end
+      end
+
+      def post_identity_request(endpoint)
+        xml = '<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:wsmid="http://schemas.dmtf.org/wbem/wsman/identity/1/wsmanidentity.xsd"><s:Header/><s:Body><wsmid:Identify/></s:Body></s:Envelope>'
+        header = {
+          'WSMANIDENTIFY' => 'unauthenticated',
+          'Content-Type' => 'application/soap+xml; charset=UTF-8'
+        }
+
+        client = HTTPClient.new
+        client.ssl_config.verify_mode = OpenSSL::SSL::VERIFY_NONE if resolve_no_ssl_peer_verification
+        client.post(endpoint, xml, header)
+      end
+
+      def parse_response(node, response)
+        output_object = Chef::Knife::WsmanEndpoint.new(node.host, node.port, node.endpoint)
+        output_object.response_status_code = response.status_code unless response.nil?
+
+        if response.nil? || response.status_code != 200
+          output_object.error_message = "No valid WSMan endoint listening at #{node.endpoint}."
+        else
+          doc = REXML::Document.new(response.body)
+          output_object.protocol_version = search_xpath(doc, "//wsmid:ProtocolVersion")
+          output_object.product_version  = search_xpath(doc, "//wsmid:ProductVersion")
+          output_object.product_vendor  = search_xpath(doc, "//wsmid:ProductVendor")
+          if output_object.protocol_version.to_s.strip.length == 0
+            output_object.error_message = "Endpoint #{node.endpoint} on #{node.host} does not appear to be a WSMAN endpoint. Response body was #{response.body}"
+          end
+        end
+        output_object
+      end
+
+      def search_xpath(document, property_name)
+        result = REXML::XPath.match(document, property_name)
+        result[0].nil? ? '' : result[0].text
+      end
+    end
+  end
+end