knife-windows 3.0.6 → 3.0.10
- checksums.yaml +4 -4
- data/lib/chef/knife/bootstrap_windows_base.rb +87 -86
- data/lib/chef/knife/bootstrap_windows_ssh.rb +43 -43
- data/lib/chef/knife/bootstrap_windows_winrm.rb +16 -17
- data/lib/chef/knife/knife_windows_base.rb +0 -1
- data/lib/chef/knife/windows_cert_generate.rb +31 -31
- data/lib/chef/knife/windows_cert_install.rb +6 -6
- data/lib/chef/knife/windows_helper.rb +8 -8
- data/lib/chef/knife/windows_listener_create.rb +24 -24
- data/lib/chef/knife/winrm.rb +17 -17
- data/lib/chef/knife/winrm_base.rb +64 -62
- data/lib/chef/knife/winrm_knife_base.rb +41 -41
- data/lib/chef/knife/winrm_session.rb +7 -7
- data/lib/chef/knife/winrm_shared_options.rb +17 -17
- data/lib/chef/knife/wsman_endpoint.rb +1 -1
- data/lib/chef/knife/wsman_test.rb +10 -10
- data/lib/knife-windows/version.rb +2 -2
- data/spec/dummy_winrm_connection.rb +0 -1
- data/spec/spec_helper.rb +5 -80
- data/spec/unit/knife/windows_cert_generate_spec.rb +6 -6
- data/spec/unit/knife/windows_cert_install_spec.rb +2 -2
- data/spec/unit/knife/windows_listener_create_spec.rb +2 -2
- data/spec/unit/knife/winrm_session_spec.rb +6 -7
- data/spec/unit/knife/winrm_spec.rb +91 -87
- data/spec/unit/knife/wsman_test_spec.rb +43 -43
- metadata +2 -2
@@ -15,8 +15,8 @@
|
|
15
15
|
# limitations under the License.
|
16
16
|
#
|
17
17
|
|
18
|
-
require
|
19
|
-
require_relative
|
18
|
+
require "chef/knife"
|
19
|
+
require_relative "winrm_base"
|
20
20
|
|
21
21
|
class Chef
|
22
22
|
class Knife
|
@@ -25,9 +25,9 @@ class Chef
|
|
25
25
|
banner "knife windows cert install CERT [CERT] (options)"
|
26
26
|
|
27
27
|
option :cert_passphrase,
|
28
|
-
:
|
29
|
-
:
|
30
|
-
:
|
28
|
+
short: "-cp PASSWORD",
|
29
|
+
long: "--cert-passphrase PASSWORD",
|
30
|
+
description: "Password for certificate."
|
31
31
|
|
32
32
|
def get_cert_passphrase
|
33
33
|
print "Enter given certificate's passphrase (empty for no passphrase):"
|
@@ -48,7 +48,7 @@ class Chef
|
|
48
48
|
|
49
49
|
begin
|
50
50
|
ui.info "Adding certificate to the Windows Certificate Store..."
|
51
|
-
result =
|
51
|
+
result = `powershell.exe -Command " '#{config[:cert_passphrase]}' | certutil -importPFX '#{file_path}' AT_KEYEXCHANGE"`
|
52
52
|
if $?.exitstatus == 0
|
53
53
|
ui.info "Certificate added to Certificate Store"
|
54
54
|
else
|
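Review bot: The import command on new line 51 of the `@@ -48,7 +48,7 @@` hunk interpolates `config[:cert_passphrase]` and `file_path` into a backtick string that is handed to a shell and then to PowerShell, so a quote character in either value changes the command that runs, and the passphrase appears in the process command line. Passing the arguments as a list and the passphrase on standard input avoids both: `result, status = Open3.capture2e("certutil", "-importPFX", file_path, "AT_KEYEXCHANGE", stdin_data: "#{config[:cert_passphrase]}\n")` with `require "open3"` and the check changed to `status.exitstatus == 0`. Whether certutil accepts the passphrase this way without the PowerShell pipe should be confirmed on a test host. The same interpolation appears in the listener-create section further down this page, in its `certutil`, `Get-PfxCertificate` and `winrm create` lines. The enclosing method starts and ends outside the hunk.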
@@ -16,20 +16,20 @@
|
|
16
16
|
# limitations under the License.
|
17
17
|
#
|
18
18
|
|
19
|
-
require
|
20
|
-
require_relative
|
21
|
-
require_relative
|
22
|
-
require_relative
|
23
|
-
require_relative
|
19
|
+
require "chef/knife"
|
20
|
+
require_relative "winrm"
|
21
|
+
require_relative "bootstrap_windows_ssh"
|
22
|
+
require_relative "bootstrap_windows_winrm"
|
23
|
+
require_relative "wsman_test"
|
24
24
|
|
25
25
|
class Chef
|
26
26
|
class Knife
|
27
27
|
class WindowsHelper < Knife
|
28
28
|
|
29
29
|
banner "#{BootstrapWindowsWinrm.banner}\n" +
|
30
|
-
|
31
|
-
|
32
|
-
|
30
|
+
"#{BootstrapWindowsSsh.banner}\n" +
|
31
|
+
"#{Winrm.banner}\n" +
|
32
|
+
"#{WsmanTest.banner}"
|
33
33
|
end
|
34
34
|
end
|
35
35
|
end
|
@@ -15,9 +15,9 @@
|
|
15
15
|
# limitations under the License.
|
16
16
|
#
|
17
17
|
|
18
|
-
require
|
19
|
-
require_relative
|
20
|
-
require
|
18
|
+
require "chef/knife"
|
19
|
+
require_relative "winrm_base"
|
20
|
+
require "openssl"
|
21
21
|
|
22
22
|
class Chef
|
23
23
|
class Knife
|
@@ -26,31 +26,31 @@ class Chef
|
|
26
26
|
banner "knife windows listener create (options)"
|
27
27
|
|
28
28
|
option :cert_install,
|
29
|
-
:
|
30
|
-
:
|
31
|
-
:
|
29
|
+
short: "-c CERT_PATH",
|
30
|
+
long: "--cert-install CERT_PATH",
|
31
|
+
description: "Adds specified certificate to the Windows Certificate Store's Local Machine personal store before creating listener."
|
32
32
|
|
33
33
|
option :port,
|
34
|
-
:
|
35
|
-
:
|
36
|
-
:
|
37
|
-
:
|
34
|
+
short: "-p PORT",
|
35
|
+
long: "--port PORT",
|
36
|
+
description: "Specify port. Default is 5986",
|
37
|
+
default: "5986"
|
38
38
|
|
39
39
|
option :hostname,
|
40
|
-
:
|
41
|
-
:
|
42
|
-
:
|
43
|
-
:
|
40
|
+
short: "-h HOSTNAME",
|
41
|
+
long: "--hostname HOSTNAME",
|
42
|
+
description: "Hostname on the listener. Default is blank",
|
43
|
+
default: ""
|
44
44
|
|
45
45
|
option :cert_thumbprint,
|
46
|
-
:
|
47
|
-
:
|
48
|
-
:
|
46
|
+
short: "-t THUMBPRINT",
|
47
|
+
long: "--cert-thumbprint THUMBPRINT",
|
48
|
+
description: "Thumbprint of the certificate. Required only if --cert-install option is not used."
|
49
49
|
|
50
50
|
option :cert_passphrase,
|
51
|
-
:
|
52
|
-
:
|
53
|
-
:
|
51
|
+
short: "-cp PASSWORD",
|
52
|
+
long: "--cert-passphrase PASSWORD",
|
53
|
+
description: "Password for certificate."
|
54
54
|
|
55
55
|
def get_cert_passphrase
|
56
56
|
print "Enter given certificate's passphrase (empty for no passphrase):"
|
@@ -65,10 +65,10 @@ class Chef
|
|
65
65
|
begin
|
66
66
|
if config[:cert_install]
|
67
67
|
config[:cert_passphrase] = get_cert_passphrase unless config[:cert_passphrase]
|
68
|
-
result =
|
68
|
+
result = `powershell.exe -Command " '#{config[:cert_passphrase]}' | certutil -importPFX '#{config[:cert_install]}' AT_KEYEXCHANGE"`
|
69
69
|
if $?.exitstatus
|
70
70
|
ui.info "Certificate installed to Certificate Store"
|
71
|
-
result =
|
71
|
+
result = `powershell.exe -Command " echo (Get-PfxCertificate #{config[:cert_install]}).thumbprint "`
|
72
72
|
ui.info "Certificate Thumbprint: #{result}"
|
73
73
|
config[:cert_thumbprint] = result.strip
|
74
74
|
else
|
@@ -83,10 +83,10 @@ class Chef
|
|
83
83
|
exit 1
|
84
84
|
end
|
85
85
|
|
86
|
-
result =
|
86
|
+
result = `winrm create winrm/config/Listener?Address=*+Transport=HTTPS @{Hostname="#{config[:hostname]}";CertificateThumbprint="#{config[:cert_thumbprint]}";Port="#{config[:port]}"}`
|
87
87
|
Chef::Log.debug result
|
88
88
|
|
89
|
-
if
|
89
|
+
if $?.exitstatus == 0
|
90
90
|
ui.info "WinRM listener created with Port: #{config[:port]} and CertificateThumbprint: #{config[:cert_thumbprint]}"
|
91
91
|
else
|
92
92
|
ui.error "Error creating WinRM listener. use -VV for more details."
|
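Review bot: `if $?.exitstatus` in the `@@ -65,10 +65,10 @@` hunk is always true, because every Integer is truthy in Ruby, including a non-zero exit status. A failed `certutil -importPFX` therefore still prints "Certificate installed to Certificate Store" and goes on to read a thumbprint. The listener check later in this section is written as `if $?.exitstatus == 0`, and the import check should match it. The value stored by `config[:cert_thumbprint] = result.strip` is also not checked before it is placed in the `winrm create` command line; a guard such as `unless result.strip.match?(/\A\h{40}\z/)` (a SHA-1 thumbprint is 40 hex characters) would stop an error message from being used as a thumbprint. The enclosing method starts outside the hunk.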
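--- a/data/lib/chef/knife/winrm.rb
+++ b/data/lib/chef/knife/winrm.rb
@@ -16,13 +16,13 @@
 # limitations under the License.
 #
 
-require
-require_relative
-require_relative
-require_relative
-require_relative
-require_relative
-require_relative
+require "chef/knife"
+require_relative "winrm_knife_base"
+require_relative "windows_cert_generate"
+require_relative "windows_cert_install"
+require_relative "windows_listener_create"
+require_relative "winrm_session"
+require_relative "knife_windows_base"
 
 class Chef
 class Knife
@@ -32,8 +32,8 @@ class Chef
 include Chef::Knife::KnifeWindowsBase
 
 deps do
-require
-require
+require "readline"
+require "chef/search/query"
 end
 
 attr_writer :password
@@ -41,9 +41,9 @@ class Chef
 banner "knife winrm QUERY COMMAND (options)"
 
 option :returns,
-
-
-
+long: "--returns CODES",
+description: "A comma delimited list of return codes which indicate success",
+default: "0"
 
 def run
 STDOUT.sync = STDERR.sync = true
@@ -78,15 +78,15 @@ class Chef
 puts
 puts "To exit interactive mode, use 'quit!'"
 puts
-
+loop do
 command = read_line
 case command
-when
-puts
+when "quit!"
+puts "Bye!"
 break
 when /^on (.+?); (.+)$/
 raw_list = $1.split(" ")
-server_list =
+server_list = []
 @winrm_sessions.each do |session_server|
 server_list << session_server if raw_list.include?(session_server.host)
 end
@@ -104,7 +104,7 @@ class Chef
 # line is input.
 def read_line
 loop do
-command = reader.readline("#{ui.color(
+command = reader.readline("#{ui.color("knife-winrm>", :bold)} ", true)
 
 if command.nil?
 command = "exit"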
@@ -16,16 +16,16 @@
|
|
16
16
|
# limitations under the License.
|
17
17
|
#
|
18
18
|
|
19
|
-
require
|
20
|
-
require
|
21
|
-
require
|
19
|
+
require "chef/knife"
|
20
|
+
require "chef/encrypted_data_bag_item"
|
21
|
+
require "kconv"
|
22
22
|
|
23
23
|
class Chef
|
24
24
|
class Knife
|
25
25
|
module WinrmBase
|
26
26
|
|
27
27
|
# It includes supported WinRM authentication protocol.
|
28
|
-
WINRM_AUTH_PROTOCOL_LIST ||= %w{basic negotiate kerberos}
|
28
|
+
WINRM_AUTH_PROTOCOL_LIST ||= %w{basic negotiate kerberos}.freeze
|
29
29
|
|
30
30
|
# :nodoc:
|
31
31
|
# Would prefer to do this in a rational way, but can't be done b/c of
|
@@ -34,93 +34,95 @@ class Chef
|
|
34
34
|
includer.class_eval do
|
35
35
|
|
36
36
|
deps do
|
37
|
-
require
|
38
|
-
require
|
37
|
+
require "readline"
|
38
|
+
require "chef/json_compat"
|
39
39
|
end
|
40
40
|
|
41
41
|
option :winrm_user,
|
42
|
-
:
|
43
|
-
:
|
44
|
-
:
|
45
|
-
:
|
46
|
-
:
|
42
|
+
short: "-x USERNAME",
|
43
|
+
long: "--winrm-user USERNAME",
|
44
|
+
description: "The WinRM username",
|
45
|
+
default: "Administrator",
|
46
|
+
proc: Proc.new { |key| Chef::Config[:knife][:winrm_user] = key }
|
47
47
|
|
48
48
|
option :winrm_password,
|
49
|
-
:
|
50
|
-
:
|
51
|
-
:
|
52
|
-
:
|
49
|
+
short: "-P PASSWORD",
|
50
|
+
long: "--winrm-password PASSWORD",
|
51
|
+
description: "The WinRM password",
|
52
|
+
proc: Proc.new { |key| Chef::Config[:knife][:winrm_password] = key }
|
53
53
|
|
54
54
|
option :winrm_shell,
|
55
|
-
:
|
56
|
-
:
|
57
|
-
:
|
58
|
-
:
|
55
|
+
long: "--winrm-shell SHELL",
|
56
|
+
description: "The WinRM shell type. Valid choices are [cmd, powershell, elevated]. 'elevated' runs powershell in a scheduled task",
|
57
|
+
default: :cmd,
|
58
|
+
proc: Proc.new { |shell| shell.to_sym }
|
59
59
|
|
60
60
|
option :winrm_transport,
|
61
|
-
:
|
62
|
-
:
|
63
|
-
:
|
64
|
-
:
|
65
|
-
:
|
66
|
-
|
61
|
+
short: "-w TRANSPORT",
|
62
|
+
long: "--winrm-transport TRANSPORT",
|
63
|
+
description: "The WinRM transport type. Valid choices are [ssl, plaintext]",
|
64
|
+
default: "plaintext",
|
65
|
+
proc: Proc.new { |transport|
|
66
|
+
Chef::Config[:knife][:winrm_port] = "5986" if transport == "ssl"
|
67
|
+
Chef::Config[:knife][:winrm_transport] = transport
|
68
|
+
}
|
67
69
|
|
68
70
|
option :winrm_port,
|
69
|
-
:
|
70
|
-
:
|
71
|
-
:
|
72
|
-
:
|
73
|
-
:
|
71
|
+
short: "-p PORT",
|
72
|
+
long: "--winrm-port PORT",
|
73
|
+
description: "The WinRM port, by default this is '5985' for 'plaintext' and '5986' for 'ssl' winrm transport",
|
74
|
+
default: "5985",
|
75
|
+
proc: Proc.new { |key| Chef::Config[:knife][:winrm_port] = key }
|
74
76
|
|
75
77
|
option :kerberos_keytab_file,
|
76
|
-
:
|
77
|
-
:
|
78
|
-
:
|
79
|
-
:
|
78
|
+
short: "-T KEYTAB_FILE",
|
79
|
+
long: "--keytab-file KEYTAB_FILE",
|
80
|
+
description: "The Kerberos keytab file used for authentication",
|
81
|
+
proc: Proc.new { |keytab| Chef::Config[:knife][:kerberos_keytab_file] = keytab }
|
80
82
|
|
81
83
|
option :kerberos_realm,
|
82
|
-
:
|
83
|
-
:
|
84
|
-
:
|
85
|
-
:
|
84
|
+
short: "-R KERBEROS_REALM",
|
85
|
+
long: "--kerberos-realm KERBEROS_REALM",
|
86
|
+
description: "The Kerberos realm used for authentication",
|
87
|
+
proc: Proc.new { |realm| Chef::Config[:knife][:kerberos_realm] = realm }
|
86
88
|
|
87
89
|
option :kerberos_service,
|
88
|
-
:
|
89
|
-
:
|
90
|
-
:
|
91
|
-
:
|
90
|
+
short: "-S KERBEROS_SERVICE",
|
91
|
+
long: "--kerberos-service KERBEROS_SERVICE",
|
92
|
+
description: "The Kerberos service used for authentication",
|
93
|
+
proc: Proc.new { |service| Chef::Config[:knife][:kerberos_service] = service }
|
92
94
|
|
93
95
|
option :ca_trust_file,
|
94
|
-
:
|
95
|
-
:
|
96
|
-
:
|
97
|
-
:
|
96
|
+
short: "-f CA_TRUST_FILE",
|
97
|
+
long: "--ca-trust-file CA_TRUST_FILE",
|
98
|
+
description: "The Certificate Authority (CA) trust file used for SSL transport",
|
99
|
+
proc: Proc.new { |trust| Chef::Config[:knife][:ca_trust_file] = trust }
|
98
100
|
|
99
101
|
option :winrm_ssl_verify_mode,
|
100
|
-
:
|
101
|
-
:
|
102
|
-
:
|
103
|
-
:
|
102
|
+
long: "--winrm-ssl-verify-mode SSL_VERIFY_MODE",
|
103
|
+
description: "The WinRM peer verification mode. Valid choices are [verify_peer, verify_none]",
|
104
|
+
default: :verify_peer,
|
105
|
+
proc: Proc.new { |verify_mode| verify_mode.to_sym }
|
104
106
|
|
105
107
|
option :ssl_peer_fingerprint,
|
106
|
-
:
|
107
|
-
:
|
108
|
+
long: "--ssl-peer-fingerprint FINGERPRINT",
|
109
|
+
description: "ssl Cert Fingerprint to bypass normal cert chain checks"
|
108
110
|
|
109
111
|
option :winrm_authentication_protocol,
|
110
|
-
:
|
111
|
-
:
|
112
|
-
:
|
113
|
-
:
|
112
|
+
long: "--winrm-authentication-protocol AUTHENTICATION_PROTOCOL",
|
113
|
+
description: "The authentication protocol used during WinRM communication. The supported protocols are #{WINRM_AUTH_PROTOCOL_LIST.join(",")}. Default is 'negotiate'.",
|
114
|
+
default: "negotiate",
|
115
|
+
proc: Proc.new { |protocol| Chef::Config[:knife][:winrm_authentication_protocol] = protocol }
|
114
116
|
|
115
117
|
option :session_timeout,
|
116
|
-
:
|
117
|
-
:
|
118
|
-
:
|
118
|
+
long: "--session-timeout Minutes",
|
119
|
+
description: "The timeout for the client for the maximum length of the WinRM session",
|
120
|
+
default: 30
|
119
121
|
|
120
122
|
option :winrm_codepage,
|
121
|
-
:
|
122
|
-
:
|
123
|
-
:
|
123
|
+
long: "--winrm-codepage Codepage",
|
124
|
+
description: "The codepage to use for the winrm cmd shell",
|
125
|
+
default: 65001
|
124
126
|
end
|
125
127
|
end
|
126
128
|
end
|
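Review bot: The `--winrm-ssl-verify-mode` option converts whatever string it receives with `verify_mode.to_sym`, and nothing in this section checks the result against the two documented choices, so a mistyped value passes option parsing. How an unknown symbol is treated is decided by code outside this section, so it is worth confirming that it fails closed (verification stays on). An explicit check next to the protocol validation in `validate_winrm_options!` would settle it, e.g. `unless %i{verify_peer verify_none}.include?(locate_config_value(:winrm_ssl_verify_mode))` followed by `ui.error` and `exit 1`. The `--winrm-password` description could also say that a password given on the command line is visible in shell history and process listings, and that omitting it leads to a prompt, as the session-option code elsewhere on this page does when no password is set.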
@@ -16,17 +16,16 @@
|
|
16
16
|
# limitations under the License.
|
17
17
|
#
|
18
18
|
|
19
|
-
|
20
|
-
|
21
|
-
require_relative
|
22
|
-
require_relative
|
23
|
-
require_relative 'knife_windows_base'
|
19
|
+
require "chef/knife"
|
20
|
+
require_relative "winrm_base"
|
21
|
+
require_relative "winrm_shared_options"
|
22
|
+
require_relative "knife_windows_base"
|
24
23
|
|
25
24
|
class Chef
|
26
25
|
class Knife
|
27
26
|
module WinrmCommandSharedFunctions
|
28
27
|
|
29
|
-
FAILED_BASIC_HINT ||= "Hint: Please check winrm configuration 'winrm get winrm/config/service' AllowUnencrypted flag on remote server."
|
28
|
+
FAILED_BASIC_HINT ||= "Hint: Please check winrm configuration 'winrm get winrm/config/service' AllowUnencrypted flag on remote server.".freeze
|
30
29
|
FAILED_NOT_BASIC_HINT ||= <<-eos.gsub /^\s+/, ""
|
31
30
|
Hint: Make sure to prefix domain usernames with the correct domain name.
|
32
31
|
Hint: Local user names should be prefixed with computer name or IP address.
|
@@ -45,7 +44,7 @@ class Chef
|
|
45
44
|
def validate_winrm_options!
|
46
45
|
winrm_auth_protocol = locate_config_value(:winrm_authentication_protocol)
|
47
46
|
|
48
|
-
|
47
|
+
unless Chef::Knife::WinrmBase::WINRM_AUTH_PROTOCOL_LIST.include?(winrm_auth_protocol)
|
49
48
|
ui.error "Invalid value '#{winrm_auth_protocol}' for --winrm-authentication-protocol option."
|
50
49
|
ui.info "Valid values are #{Chef::Knife::WinrmBase::WINRM_AUTH_PROTOCOL_LIST.join(",")}."
|
51
50
|
exit 1
|
@@ -54,8 +53,8 @@ class Chef
|
|
54
53
|
warn_no_ssl_peer_verification if resolve_no_ssl_peer_verification
|
55
54
|
end
|
56
55
|
|
57
|
-
#Overrides Chef::Knife#configure_session, as that code is tied to the SSH implementation
|
58
|
-
#Tracked by Issue # 3042 / https://github.com/chef/chef/issues/3042
|
56
|
+
# Overrides Chef::Knife#configure_session, as that code is tied to the SSH implementation
|
57
|
+
# Tracked by Issue # 3042 / https://github.com/chef/chef/issues/3042
|
59
58
|
def configure_session
|
60
59
|
validate_winrm_options!
|
61
60
|
resolve_session_options
|
@@ -68,7 +67,7 @@ class Chef
|
|
68
67
|
when true
|
69
68
|
@name_args[0].split(" ")
|
70
69
|
when false
|
71
|
-
r =
|
70
|
+
r = []
|
72
71
|
q = Chef::Search::Query.new
|
73
72
|
@action_nodes = q.search(:node, @name_args[0])[0]
|
74
73
|
@action_nodes.each do |item|
|
@@ -78,16 +77,16 @@ class Chef
|
|
78
77
|
r
|
79
78
|
end
|
80
79
|
|
81
|
-
|
80
|
+
if @list.length == 0
|
82
81
|
if @action_nodes.length == 0
|
83
82
|
ui.fatal("No nodes returned from search!")
|
84
83
|
else
|
85
|
-
ui.fatal("#{@action_nodes.length} #{@action_nodes.length > 1 ? "nodes":"node"} found, " +
|
84
|
+
ui.fatal("#{@action_nodes.length} #{@action_nodes.length > 1 ? "nodes" : "node"} found, " +
|
86
85
|
"but does not have the required attribute (#{config[:attribute]}) to establish the connection. " +
|
87
86
|
"Try setting another attribute to open the connection using --attribute.")
|
88
87
|
end
|
89
88
|
exit 10
|
90
|
-
|
89
|
+
end
|
91
90
|
end
|
92
91
|
|
93
92
|
# TODO: Copied from Knife::Core:GenericPresenter. Should be extracted
|
@@ -107,10 +106,10 @@ class Chef
|
|
107
106
|
end
|
108
107
|
end
|
109
108
|
end
|
110
|
-
( !data.
|
109
|
+
( !data.is_a?(Array) && data.respond_to?(:to_hash) ) ? data.to_hash : data
|
111
110
|
end
|
112
111
|
|
113
|
-
def run_command(command =
|
112
|
+
def run_command(command = "")
|
114
113
|
relay_winrm_command(command)
|
115
114
|
check_for_errors!
|
116
115
|
@exit_code
|
@@ -143,7 +142,7 @@ class Chef
|
|
143
142
|
@session_results << s.relay_command(command)
|
144
143
|
rescue WinRM::WinRMHTTPTransportError, WinRM::WinRMAuthorizationError => e
|
145
144
|
if authorization_error?(e)
|
146
|
-
|
145
|
+
unless config[:suppress_auth_failure]
|
147
146
|
# Display errors if the caller hasn't opted to retry
|
148
147
|
ui.error "Failed to authenticate to #{s.host} as #{locate_config_value(:winrm_user)}"
|
149
148
|
ui.info "Response: #{e.message}"
|
@@ -180,9 +179,10 @@ class Chef
|
|
180
179
|
end
|
181
180
|
|
182
181
|
def success_return_codes
|
183
|
-
#Redundant if the CLI options parsing occurs
|
182
|
+
# Redundant if the CLI options parsing occurs
|
184
183
|
return [0] unless config[:returns]
|
185
|
-
|
184
|
+
|
185
|
+
@success_return_codes ||= config[:returns].split(",").collect(&:to_i)
|
186
186
|
end
|
187
187
|
|
188
188
|
def session_from_list
|
@@ -193,7 +193,7 @@ class Chef
|
|
193
193
|
end
|
194
194
|
end
|
195
195
|
|
196
|
-
def create_winrm_session(options={})
|
196
|
+
def create_winrm_session(options = {})
|
197
197
|
session = Chef::Knife::WinrmSession.new(options)
|
198
198
|
@winrm_sessions ||= []
|
199
199
|
@winrm_sessions.push(session)
|
@@ -211,10 +211,10 @@ class Chef
|
|
211
211
|
no_ssl_peer_verification: resolve_no_ssl_peer_verification,
|
212
212
|
ssl_peer_fingerprint: resolve_ssl_peer_fingerprint,
|
213
213
|
shell: locate_config_value(:winrm_shell),
|
214
|
-
codepage: locate_config_value(:winrm_codepage)
|
214
|
+
codepage: locate_config_value(:winrm_codepage),
|
215
215
|
}
|
216
216
|
|
217
|
-
if @session_opts[:user]
|
217
|
+
if @session_opts[:user] && (not @session_opts[:password])
|
218
218
|
@session_opts[:password] = Chef::Config[:knife][:winrm_password] = config[:winrm_password] = get_password
|
219
219
|
end
|
220
220
|
|
@@ -231,9 +231,9 @@ class Chef
|
|
231
231
|
# Prefixing with '.\' when using negotiate
|
232
232
|
# to auth user against local machine domain
|
233
233
|
if resolve_winrm_basic_auth ||
|
234
|
-
|
235
|
-
|
236
|
-
|
234
|
+
resolve_winrm_transport == :kerberos ||
|
235
|
+
user.include?("\\") ||
|
236
|
+
user.include?("@")
|
237
237
|
user
|
238
238
|
else
|
239
239
|
".\\#{user}"
|
@@ -241,7 +241,7 @@ class Chef
|
|
241
241
|
end
|
242
242
|
|
243
243
|
def resolve_winrm_session_timeout
|
244
|
-
#30 min (Default) OperationTimeout for long bootstraps fix for KNIFE_WINDOWS-8
|
244
|
+
# 30 min (Default) OperationTimeout for long bootstraps fix for KNIFE_WINDOWS-8
|
245
245
|
locate_config_value(:session_timeout).to_i * 60 if locate_config_value(:session_timeout)
|
246
246
|
end
|
247
247
|
|
@@ -259,7 +259,7 @@ class Chef
|
|
259
259
|
|
260
260
|
def resolve_winrm_transport
|
261
261
|
transport = locate_config_value(:winrm_transport).to_sym
|
262
|
-
if config.any? {|k,v| k.to_s =~ /kerberos/ && !v.nil? }
|
262
|
+
if config.any? { |k, v| k.to_s =~ /kerberos/ && !v.nil? }
|
263
263
|
transport = :kerberos
|
264
264
|
elsif transport != :ssl && negotiate_auth?
|
265
265
|
transport = :negotiate
|
@@ -289,22 +289,22 @@ class Chef
|
|
289
289
|
end
|
290
290
|
|
291
291
|
def warn_no_ssl_peer_verification
|
292
|
-
|
292
|
+
unless @@ssl_warning_given
|
293
293
|
@@ssl_warning_given = true
|
294
|
-
ui.warn(
|
295
|
-
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
|
296
|
-
SSL validation of HTTPS requests for the WinRM transport is disabled. HTTPS WinRM
|
297
|
-
connections are still encrypted, but knife is not able to detect forged replies
|
298
|
-
or spoofing attacks.
|
299
|
-
|
300
|
-
To fix this issue add an entry like this to your knife configuration file:
|
301
|
-
|
302
|
-
```
|
303
|
-
|
304
|
-
|
305
|
-
```
|
306
|
-
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
|
307
|
-
WARN
|
294
|
+
ui.warn(<<~WARN)
|
295
|
+
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
|
296
|
+
SSL validation of HTTPS requests for the WinRM transport is disabled. HTTPS WinRM
|
297
|
+
connections are still encrypted, but knife is not able to detect forged replies
|
298
|
+
or spoofing attacks.
|
299
|
+
|
300
|
+
To fix this issue add an entry like this to your knife configuration file:
|
301
|
+
|
302
|
+
```
|
303
|
+
# Verify all WinRM HTTPS connections (default, recommended)
|
304
|
+
knife[:winrm_ssl_verify_mode] = :verify_peer
|
305
|
+
```
|
306
|
+
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
|
307
|
+
WARN
|
308
308
|
end
|
309
309
|
end
|
310
310
|
|
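Review bot: `success_return_codes` in the `@@ -180,9 +179,10 @@` hunk parses `--returns` with `collect(&:to_i)`, and `String#to_i` never fails: text that is not a number becomes 0 and trailing junk is dropped, so a typo in the list is silently accepted and can change which exit codes count as success. `Integer()` rejects such input: `@success_return_codes ||= config[:returns].split(",").map { |code| Integer(code) }`, with the resulting `ArgumentError` reported through `ui.error`. Separately, `warn_no_ssl_peer_verification` reads `@@ssl_warning_given` before assigning it, and reading an unset class variable raises `NameError`. The method therefore relies on an initialisation that is not visible in these hunks, which deserves a comment such as `# @@ssl_warning_given is initialised at module load`, if that is the case.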