realityforge-knife-windows 0.5.14

data/lib/chef/knife/winrm.rb

@@ -0,0 +1,268 @@
+#
+# Author:: Seth Chisamore (<schisamo@opscode.com>)
+# Copyright:: Copyright (c) 2011 Opscode, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'chef/knife'
+require 'chef/knife/winrm_base'
+
+class Chef
+  class Knife
+    class Winrm < Knife
+
+      include Chef::Knife::WinrmBase
+
+      deps do
+        require 'readline'
+        require 'chef/search/query'
+        require 'em-winrm'
+      end
+
+      attr_writer :password
+
+      banner "knife winrm QUERY COMMAND (options)"
+
+      option :address_attribute,
+        :short => "-a ATTR",
+        :long => "--attribute ATTR",
+        :description => "The attribute to use for opening the connection - default is fqdn",
+        :default => "fqdn"
+
+      option :returns,
+       :long => "--returns CODES",
+       :description => "A comma delimited list of return codes which indicate success",
+       :default => nil,
+       :proc => Proc.new { |codes|
+         Chef::Config[:knife][:returns] = codes.split(',').collect {|item| item.to_i} }
+
+      option :manual,
+        :short => "-m",
+        :long => "--manual-list",
+        :boolean => true,
+        :description => "QUERY is a space separated list of servers",
+        :default => false
+
+      def session
+        session_opts = {}
+        session_opts[:logger] = Chef::Log.logger if Chef::Log.level == :debug
+        @session ||= begin
+          s = EventMachine::WinRM::Session.new(session_opts)
+          s.on_output do |host, data|
+            print_data(host, data)
+          end
+          s.on_error do |host, err|
+            print_data(host, err, :red)
+          end
+          s.on_command_complete do |host|
+            host = host == :all ? 'All Servers' : host
+            Chef::Log.debug("command complete on #{host}")
+          end
+          s
+        end
+
+      end
+
+      def configure_session
+        list = case config[:manual]
+               when true
+                 @name_args[0].split(" ")
+               when false
+                 r = Array.new
+                 q = Chef::Search::Query.new
+                 @action_nodes = q.search(:node, @name_args[0])[0]
+                 @action_nodes.each do |item|
+                   i = format_for_display(item)[config[:address_attribute]]
+                   r.push(i) unless i.nil?
+                 end
+                 r
+               end
+        if list.length == 0
+          if @action_nodes.length == 0
+            ui.fatal("No nodes returned from search!")
+          else
+            p format_for_display(@action_nodes[0])#['fqdn']
+            p @action_nodes[0]
+            ui.fatal("#{@action_nodes.length} #{@action_nodes.length > 1 ? "nodes":"node"} found, " +
+                     "but does not have the required attribute (#{config[:address_attribute]}) to establish the connection. " +
+                     "Try setting another attribute to open the connection using --address_attribute.")
+          end
+          exit 10
+        end
+        session_from_list(list)
+      end
+
+      def session_from_list(list)
+        list.each do |item|
+          Chef::Log.debug("Adding #{item}")
+          session_opts = {}
+          session_opts[:user] = config[:winrm_user] = Chef::Config[:knife][:winrm_user] || config[:winrm_user]
+          session_opts[:password] = config[:winrm_password] = Chef::Config[:knife][:winrm_password] || config[:winrm_password]
+          session_opts[:port] = Chef::Config[:knife][:winrm_port] || config[:winrm_port]
+          session_opts[:keytab] = Chef::Config[:knife][:kerberos_keytab_file] if Chef::Config[:knife][:kerberos_keytab_file]
+          session_opts[:realm] = Chef::Config[:knife][:kerberos_realm] if Chef::Config[:knife][:kerberos_realm]
+          session_opts[:service] = Chef::Config[:knife][:kerberos_service] if Chef::Config[:knife][:kerberos_service]
+          session_opts[:ca_trust_path] = Chef::Config[:knife][:ca_trust_file] if Chef::Config[:knife][:ca_trust_file]
+          session_opts[:operation_timeout] = 1800 # 30 min OperationTimeout for long bootstraps fix for KNIFE_WINDOWS-8
+
+          ## If you have a \\ in your name you need to use NTLM domain authentication
+          if session_opts[:user].split("\\").length.eql?(2)
+            session_opts[:basic_auth_only] = false
+          else
+            session_opts[:basic_auth_only] = true
+          end
+
+          if config.keys.any? {|k| k.to_s =~ /kerberos/ }
+            session_opts[:transport] = :kerberos
+            session_opts[:basic_auth_only] = false
+          else
+            session_opts[:transport] = (Chef::Config[:knife][:winrm_transport] || config[:winrm_transport]).to_sym
+            session_opts[:disable_sspi] = true
+            if session_opts[:user] and
+                (not session_opts[:password])
+              session_opts[:password] = Chef::Config[:knife][:winrm_password] = config[:winrm_password] = get_password
+
+            end
+          end
+
+          session.use(item, session_opts)
+
+          @longest = item.length if item.length > @longest
+        end
+        session
+      end
+
+      def print_data(host, data, color = :cyan)
+        if data =~ /\n/
+          data.split(/\n/).each { |d| print_data(host, d, color) }
+        else
+          padding = @longest - host.length
+          print ui.color(host, color)
+          padding.downto(0) { print " " }
+          puts data.chomp
+        end
+      end
+
+      def winrm_command(command, subsession=nil)
+        subsession ||= session
+        subsession.relay_command(command)
+      end
+
+      def get_password
+        @password ||= ui.ask("Enter your password: ") { |q| q.echo = false }
+      end
+
+      # Present the prompt and read a single line from the console. It also
+      # detects ^D and returns "exit" in that case. Adds the input to the
+      # history, unless the input is empty. Loops repeatedly until a non-empty
+      # line is input.
+      def read_line
+        loop do
+          command = reader.readline("#{ui.color('knife-winrm>', :bold)} ", true)
+
+          if command.nil?
+            command = "exit"
+            puts(command)
+          else
+            command.strip!
+          end
+
+          unless command.empty?
+            return command
+          end
+        end
+      end
+
+      def reader
+        Readline
+      end
+
+      def interactive
+        puts "Connected to #{ui.list(session.servers.collect { |s| ui.color(s.host, :cyan) }, :inline, " and ")}"
+        puts
+        puts "To run a command on a list of servers, do:"
+        puts "  on SERVER1 SERVER2 SERVER3; COMMAND"
+        puts "  Example: on latte foamy; echo foobar"
+        puts
+        puts "To exit interactive mode, use 'quit!'"
+        puts
+        while 1
+          command = read_line
+          case command
+          when 'quit!'
+            puts 'Bye!'
+            session.close
+            break
+          when /^on (.+?); (.+)$/
+            raw_list = $1.split(" ")
+            server_list = Array.new
+            session.servers.each do |session_server|
+              server_list << session_server if raw_list.include?(session_server.host)
+            end
+            command = $2
+            winrm_command(command, session.on(*server_list))
+          else
+            winrm_command(command)
+          end
+        end
+      end
+
+      def check_for_errors!(exit_codes)
+
+        exit_codes.each do |host, value|
+          unless Chef::Config[:knife][:returns].include? value.to_i
+            @exit_code = 1
+            ui.error "Failed to execute command on #{host} return code #{value}"
+          end
+        end
+
+      end
+
+      def run
+        STDOUT.sync = STDERR.sync = true
+
+        begin
+          @longest = 0
+
+          configure_session
+
+          case @name_args[1]
+          when "interactive"
+            interactive
+          else
+            winrm_command(@name_args[1..-1].join(" "))
+
+            if config[:returns]
+              check_for_errors! session.exit_codes
+            end
+
+            session.close
+            @exit_code || 0
+          end
+        rescue WinRM::WinRMHTTPTransportError => e
+          case e.message
+          when /401/
+            ui.error "Failed to authenticate to #{@name_args[0].split(" ")} as #{config[:winrm_user]}"
+            ui.info "Response: #{e.message}"
+          else
+            raise e
+          end
+        end
+      end
+
+    end
+  end
+end
+

data/lib/chef/knife/winrm_base.rb

@@ -0,0 +1,98 @@
+#
+# Author:: Seth Chisamore (<schisamo@opscode.com>)
+# Copyright:: Copyright (c) 2011 Opscode, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'chef/knife'
+require 'chef/encrypted_data_bag_item'
+
+class Chef
+  class Knife
+    module WinrmBase
+
+      # :nodoc:
+      # Would prefer to do this in a rational way, but can't be done b/c of
+      # Mixlib::CLI's design :(
+      def self.included(includer)
+        includer.class_eval do
+
+          deps do
+            require 'readline'
+            require 'chef/json_compat'
+          end
+
+          option :winrm_user,
+            :short => "-x USERNAME",
+            :long => "--winrm-user USERNAME",
+            :description => "The WinRM username",
+            :default => "Administrator",
+            :proc => Proc.new { |key| Chef::Config[:knife][:winrm_user] = key }
+
+          option :winrm_password,
+            :short => "-P PASSWORD",
+            :long => "--winrm-password PASSWORD",
+            :description => "The WinRM password",
+            :proc => Proc.new { |key| Chef::Config[:knife][:winrm_password] = key }
+
+          option :winrm_port,
+            :short => "-p PORT",
+            :long => "--winrm-port PORT",
+            :description => "The WinRM port, by default this is 5985",
+            :default => "5985",
+            :proc => Proc.new { |key| Chef::Config[:knife][:winrm_port] = key }
+
+          option :identity_file,
+            :short => "-i IDENTITY_FILE",
+            :long => "--identity-file IDENTITY_FILE",
+            :description => "The SSH identity file used for authentication"
+
+          option :winrm_transport,
+            :short => "-t TRANSPORT",
+            :long => "--winrm-transport TRANSPORT",
+            :description => "The WinRM transport type.  valid choices are [ssl, plaintext]",
+            :default => 'plaintext',
+            :proc => Proc.new { |transport| Chef::Config[:knife][:winrm_transport] = transport }
+
+          option :kerberos_keytab_file,
+            :short => "-i KEYTAB_FILE",
+            :long => "--keytab-file KEYTAB_FILE",
+            :description => "The Kerberos keytab file used for authentication",
+            :proc => Proc.new { |keytab| Chef::Config[:knife][:kerberos_keytab_file] = keytab }
+
+          option :kerberos_realm,
+            :short => "-R KERBEROS_REALM",
+            :long => "--kerberos-realm KERBEROS_REALM",
+            :description => "The Kerberos realm used for authentication",
+            :proc => Proc.new { |realm| Chef::Config[:knife][:kerberos_realm] = realm }
+
+          option :kerberos_service,
+            :short => "-S KERBEROS_SERVICE",
+            :long => "--kerberos-service KERBEROS_SERVICE",
+            :description => "The Kerberos service used for authentication",
+            :proc => Proc.new { |service| Chef::Config[:knife][:kerberos_service] = service }
+
+          option :ca_trust_file,
+            :short => "-f CA_TRUST_FILE",
+            :long => "--ca-trust-file CA_TRUST_FILE",
+            :description => "The Certificate Authority (CA) trust file used for SSL transport",
+            :proc => Proc.new { |trust| Chef::Config[:knife][:ca_trust_file] = trust }
+
+        end
+      end
+
+    end
+  end
+end

data/lib/knife-windows/version.rb

@@ -0,0 +1,6 @@
+module Knife
+  module Windows
+    VERSION = "0.5.14"
+    MAJOR, MINOR, TINY = VERSION.split('.')
+  end
+end

data/spec/functional/bootstrap_download_spec.rb

@@ -0,0 +1,115 @@
+#
+# Author:: Adam Edwards (<adamed@opscode.com>)
+# Copyright:: Copyright (c) 2012 Opscode, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'spec_helper'
+require 'tmpdir'
+
+# These test cases exercise the Knife::Windows knife plugin's ability
+# to download a bootstrap msi as part of the bootstrap process on
+# Windows nodes. The test modifies the Windows batch file generated
+# from an erb template in the plugin source in order to enable execution
+# of only the download functionality contained in the bootstrap template.
+# The test relies on knowledge of the fields of the template itself and 
+# also on knowledge of the contents and structure of the Windows batch
+# file generated by the template.
+#
+# Note that if the bootstrap template changes substantially, the tests
+# should fail and will require re-implementation. If such changes
+# occur, the bootstrap code should be refactored to explicitly expose
+# the download funcitonality separately from other tasks to make the
+# test more robust.
+describe 'Knife::Windows::Core msi download functionality for knife Windows winrm bootstrap template' do 
+
+  before(:all) do
+    # Since we're always running 32-bit Ruby, fix the
+    # PROCESSOR_ARCHITECTURE environment variable.
+
+    if ENV["PROCESSOR_ARCHITEW6432"]
+      ENV["PROCESSOR_ARCHITECTURE"] = ENV["PROCESSOR_ARCHITEW6432"]
+    end
+    
+    # All file artifacts from this test will be written into this directory
+    @temp_directory = Dir.mktmpdir("bootstrap_test")
+
+    # Location to which the download script will be modified to write
+    # the downloaded msi
+    @local_file_download_destination = "#{@temp_directory}/chef-client-latest.msi"
+  end
+
+  after(:all) do
+    # Clear the temp directory upon exit
+    if Dir.exists?(@temp_directory)
+      FileUtils::remove_dir(@temp_directory)
+    end
+  end
+
+  describe "running on any version of the Windows OS", :windows_only do
+    before do
+      @mock_bootstrap_context = Chef::Knife::Core::WindowsBootstrapContext.new({ }, nil, { })
+
+      # Stub the bootstrap context and prevent config related sections
+      # to be populated, chef installation and first chef run
+      @mock_bootstrap_context.stub(:validation_key).and_return("echo.validation_key")
+      @mock_bootstrap_context.stub(:encrypted_data_bag_secret).and_return("echo.encrypted_data_bag_secret")
+      @mock_bootstrap_context.stub(:config_content).and_return("echo.config_content")
+      @mock_bootstrap_context.stub(:start_chef).and_return("echo.echo start_chef_command")
+      @mock_bootstrap_context.stub(:run_list).and_return("echo.run_list")
+      @mock_bootstrap_context.stub(:install_chef).and_return("echo.echo install_chef_command")
+
+      # Change the directorires where bootstrap files will be created
+      @mock_bootstrap_context.stub(:bootstrap_directory).and_return(@temp_directory.gsub(::File::SEPARATOR, ::File::ALT_SEPARATOR))
+      @mock_bootstrap_context.stub(:local_download_path).and_return(@local_file_download_destination.gsub(::File::SEPARATOR, ::File::ALT_SEPARATOR))
+
+      # Prevent password prompt during bootstrap process
+      @mock_winrm = Chef::Knife::Winrm.new
+      @mock_winrm.stub(:get_password).and_return(nil)
+      Chef::Knife::Winrm.stub(:new).and_return(@mock_winrm)
+
+      Chef::Knife::Core::WindowsBootstrapContext.stub(:new).and_return(@mock_bootstrap_context)
+    end
+
+    it "downloads the chef-client MSI during winrm bootstrap" do
+      clean_test_case
+
+      bootstrap_context = Chef::Knife::BootstrapWindowsWinrm.new([ "127.0.0.1" ])
+
+      # Execute the commands locally that would normally be executed via WinRM
+      bootstrap_context.stub(:run_command) do |command|
+        system(command)
+      end
+
+      bootstrap_context.run
+
+      # Download should succeed
+      download_succeeded?.should == true
+    end
+  end
+
+  def download_succeeded?
+    File.exists?(@local_file_download_destination) && ! File.zero?(@local_file_download_destination)
+  end
+
+  # Remove file artifiacts generated by individual test cases
+  def clean_test_case
+    if File.exists?(@local_file_download_destination)
+      File.delete(@local_file_download_destination)
+    end
+  end
+  
+end 

data/spec/spec_helper.rb

@@ -0,0 +1,63 @@
+
+# Author:: Adam Edwards (<adamed@opscode.com>)
+# Copyright:: Copyright (c) 2012 Opscode, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+def windows?
+  !!(RUBY_PLATFORM =~ /mswin|mingw|windows/)
+end
+
+require_relative '../lib/chef/knife/core/windows_bootstrap_context'
+require_relative '../lib/chef/knife/bootstrap_windows_winrm'
+
+if windows?
+  require 'ruby-wmi'
+end
+
+def windows2012?
+  is_win2k12 = false
+  
+  if  windows?
+    this_operating_system = WMI::Win32_OperatingSystem.find(:first)
+    os_version = this_operating_system.send('Version')
+
+    # The operating system version is a string in the following form
+    # that can be split into components based on the '.' delimiter:
+    # MajorVersionNumber.MinorVersionNumber.BuildNumber
+    os_version_components = os_version.split('.')
+
+    if os_version_components.length < 2
+      raise 'WMI returned a Windows version from Win32_OperatingSystem.Version ' +
+        'with an unexpected format. The Windows version could not be determined.'
+    end
+
+    # Windows 6.2 is Windows Server 2012, so test the major and
+    # minor version components
+    is_win2k12 = os_version_components[0] == '6' && os_version_components[1] == '2'
+  end
+
+  is_win2k12
+end
+
+
+RSpec.configure do |config|
+  config.treat_symbols_as_metadata_keys_with_true_values = true
+  
+  config.filter_run_excluding :windows_only => true unless windows?
+  config.filter_run_excluding :windows_2012_only => true unless windows2012?
+end
+

data/spec/unit/knife/winrm_spec.rb

@@ -0,0 +1,65 @@
+#
+# Author:: Bryan McLellan <btm@opscode.com>
+# Copyright:: Copyright (c) 2013 Opscode, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'spec_helper'
+
+Chef::Knife::Winrm.load_deps
+
+describe Chef::Knife::Winrm do
+  before(:all) do
+    @original_config = Chef::Config.hash_dup
+    @original_knife_config = Chef::Config[:knife].dup
+  end
+
+  after(:all) do
+    Chef::Config.configuration = @original_config
+    Chef::Config[:knife] = @original_knife_config
+  end
+
+  before do
+    @knife = Chef::Knife::Winrm.new
+    @knife.config[:address_attribute] = "fqdn"
+    @node_foo = Chef::Node.new
+    @node_foo.automatic_attrs[:fqdn] = "foo.example.org"
+    @node_foo.automatic_attrs[:ipaddress] = "10.0.0.1"
+    @node_bar = Chef::Node.new
+    @node_bar.automatic_attrs[:fqdn] = "bar.example.org"
+    @node_bar.automatic_attrs[:ipaddress] = "10.0.0.2"
+  end
+
+  describe "#configure_session" do
+    before do
+      @query = mock("Chef::Search::Query")
+    end
+
+    context "when there are some hosts found but they do not have an attribute to connect with" do
+      before do
+        @query.stub!(:search).and_return([[@node_foo, @node_bar]])
+        @node_foo.automatic_attrs[:fqdn] = nil
+        @node_bar.automatic_attrs[:fqdn] = nil
+        Chef::Search::Query.stub!(:new).and_return(@query)
+      end
+    
+      it "should raise a specific error (KNIFE-222)" do
+        @knife.ui.should_receive(:fatal).with(/does not have the required attribute/)
+        @knife.should_receive(:exit).with(10)
+        @knife.configure_session
+      end
+    end
+  end
+end