class Chef::Knife::Core::BootstrapContext

Instances of BootstrapContext are the context objects (i.e., self) for bootstrap templates. For backwards compatibility, they must set the following instance variables:

Attributes

client_pem[RW]

Public Class Methods

new(config, run_list, chef_config, secret = nil) click to toggle source
# File lib/chef/knife/core/bootstrap_context.rb, line 36
def initialize(config, run_list, chef_config, secret = nil)
  @config       = config
  @run_list     = run_list
  @chef_config  = chef_config
  @secret       = secret
end

Public Instance Methods

bootstrap_environment() click to toggle source
# File lib/chef/knife/core/bootstrap_context.rb, line 43
def bootstrap_environment
  @config[:environment]
end
client_d() click to toggle source
# File lib/chef/knife/core/bootstrap_context.rb, line 56
def client_d
  @client_d ||= client_d_content
end
config_content() click to toggle source
# File lib/chef/knife/core/bootstrap_context.rb, line 88
        def config_content
          client_rb = <<-CONFIG
chef_server_url  "#{@chef_config[:chef_server_url]}"
validation_client_name "#{@chef_config[:validation_client_name]}"
          CONFIG

          if !(@chef_config[:config_log_level].nil? || @chef_config[:config_log_level].empty?)
            client_rb << %Q{log_level   :#{@chef_config[:config_log_level]}\n}
          end

          client_rb << "log_location   #{get_log_location}\n"

          if @config[:chef_node_name]
            client_rb << %Q{node_name "#{@config[:chef_node_name]}"\n}
          else
            client_rb << "# Using default node name (fqdn)\n"
          end

          # We configure :verify_api_cert only when it's overridden on the CLI
          # or when specified in the knife config.
          if !@config[:node_verify_api_cert].nil? || knife_config.has_key?(:verify_api_cert)
            value = @config[:node_verify_api_cert].nil? ? knife_config[:verify_api_cert] : @config[:node_verify_api_cert]
            client_rb << %Q{verify_api_cert #{value}\n}
          end

          # We configure :ssl_verify_mode only when it's overridden on the CLI
          # or when specified in the knife config.
          if @config[:node_ssl_verify_mode] || knife_config.has_key?(:ssl_verify_mode)
            value = case @config[:node_ssl_verify_mode]
                    when "peer"
                      :verify_peer
                    when "none"
                      :verify_none
                    when nil
                      knife_config[:ssl_verify_mode]
                    else
                      nil
                    end

            if value
              client_rb << %Q{ssl_verify_mode :#{value}\n}
            end
          end

          if @config[:ssl_verify_mode]
            client_rb << %Q{ssl_verify_mode :#{knife_config[:ssl_verify_mode]}\n}
          end

          if knife_config[:bootstrap_proxy]
            client_rb << %Q{http_proxy        "#{knife_config[:bootstrap_proxy]}"\n}
            client_rb << %Q{https_proxy       "#{knife_config[:bootstrap_proxy]}"\n}
          end

          if knife_config[:bootstrap_proxy_user]
            client_rb << %Q{http_proxy_user   "#{knife_config[:bootstrap_proxy_user]}"\n}
            client_rb << %Q{https_proxy_user  "#{knife_config[:bootstrap_proxy_user]}"\n}
          end

          if knife_config[:bootstrap_proxy_pass]
            client_rb << %Q{http_proxy_pass   "#{knife_config[:bootstrap_proxy_pass]}"\n}
            client_rb << %Q{https_proxy_pass  "#{knife_config[:bootstrap_proxy_pass]}"\n}
          end

          if knife_config[:bootstrap_no_proxy]
            client_rb << %Q{no_proxy       "#{knife_config[:bootstrap_no_proxy]}"\n}
          end

          if encrypted_data_bag_secret
            client_rb << %Q{encrypted_data_bag_secret "/etc/chef/encrypted_data_bag_secret"\n}
          end

          unless trusted_certs.empty?
            client_rb << %Q{trusted_certs_dir "/etc/chef/trusted_certs"\n}
          end

          if Chef::Config[:fips]
            client_rb << <<-CONFIG.gsub(/^ {14}/, "")
              fips true
              require "chef/version"
              chef_version = ::Chef::VERSION.split(".")
              unless chef_version[0].to_i > 12 || (chef_version[0].to_i == 12 && chef_version[1].to_i >= 8)
                raise "FIPS Mode requested but not supported by this client"
              end
            CONFIG
          end

          client_rb
        end
encrypted_data_bag_secret() click to toggle source
# File lib/chef/knife/core/bootstrap_context.rb, line 60
def encrypted_data_bag_secret
  @secret
end
first_boot() click to toggle source
# File lib/chef/knife/core/bootstrap_context.rb, line 221
def first_boot
  (@config[:first_boot_attributes] || {}).tap do |attributes|
    if @config[:policy_name] && @config[:policy_group]
      attributes[:policy_name] = @config[:policy_name]
      attributes[:policy_group] = @config[:policy_group]
    else
      attributes[:run_list] = @run_list
    end

    attributes.delete(:run_list) if attributes[:policy_name] && !attributes[:policy_name].empty?
    attributes.merge!(:tags => @config[:tags]) if @config[:tags] && !@config[:tags].empty?
  end
end
get_log_location() click to toggle source
# File lib/chef/knife/core/bootstrap_context.rb, line 70
def get_log_location
  if !(@chef_config[:config_log_location].class == IO ) && (@chef_config[:config_log_location].nil? || @chef_config[:config_log_location].to_s.empty?)
    "STDOUT"
  elsif @chef_config[:config_log_location].equal?(:win_evt)
    raise "The value :win_evt is not supported for config_log_location on Linux Platforms \n"
  elsif @chef_config[:config_log_location].equal?(:syslog)
    ":syslog"
  elsif @chef_config[:config_log_location].equal?(STDOUT)
    "STDOUT"
  elsif @chef_config[:config_log_location].equal?(STDERR)
    "STDERR"
  elsif @chef_config[:config_log_location]
    %Q{"#{@chef_config[:config_log_location]}"}
  else
    "STDOUT"
  end
end
knife_config() click to toggle source
# File lib/chef/knife/core/bootstrap_context.rb, line 191
def knife_config
  @chef_config.key?(:knife) ? @chef_config[:knife] : {}
end
latest_current_chef_version_string() click to toggle source

chef version string to fetch the latest current version from omnitruck If user is on X.Y.Z bootstrap will use the latest X release X here can be 10 or 11

# File lib/chef/knife/core/bootstrap_context.rb, line 199
def latest_current_chef_version_string
  installer_version_string = nil
  if @config[:prerelease]
    installer_version_string = ["-p"]
  else
    chef_version_string = if knife_config[:bootstrap_version]
                            knife_config[:bootstrap_version]
                          else
                            Chef::VERSION.split(".").first
                          end

    installer_version_string = ["-v", chef_version_string]

    # If bootstrapping a pre-release version add -p to the installer string
    if chef_version_string.split(".").length > 3
      installer_version_string << "-p"
    end
  end

  installer_version_string.join(" ")
end
start_chef() click to toggle source
# File lib/chef/knife/core/bootstrap_context.rb, line 177
def start_chef
  # If the user doesn't have a client path configure, let bash use the PATH for what it was designed for
  client_path = @chef_config[:chef_client_path] || "chef-client"
  s = "#{client_path} -j /etc/chef/first-boot.json"
  if @config[:verbosity] && @config[:verbosity] >= 3
    s << " -l trace"
  elsif @config[:verbosity] && @config[:verbosity] >= 2
    s << " -l debug"
  end
  s << " -E #{bootstrap_environment}" unless bootstrap_environment.nil?
  s << " --no-color" unless @config[:color]
  s
end
trusted_certs() click to toggle source

Contains commands and content, see #trusted_certs_content TODO: Rename to trusted_certs_script

# File lib/chef/knife/core/bootstrap_context.rb, line 66
def trusted_certs
  @trusted_certs ||= trusted_certs_content
end
validation_key() click to toggle source
# File lib/chef/knife/core/bootstrap_context.rb, line 47
def validation_key
  if @chef_config.has_key?(:validation_key) &&
      File.exist?(File.expand_path(@chef_config[:validation_key]))
    IO.read(File.expand_path(@chef_config[:validation_key]))
  else
    false
  end
end

Private Instance Methods

client_d_content() click to toggle source
# File lib/chef/knife/core/bootstrap_context.rb, line 250
def client_d_content
  content = ""
  if @chef_config[:client_d_dir] && File.exist?(@chef_config[:client_d_dir])
    root = Pathname(@chef_config[:client_d_dir])
    root.find do |f|
      relative = f.relative_path_from(root)
      if f != root
        file_on_node = "/etc/chef/client.d/#{relative}"
        if f.directory?
          content << "mkdir #{file_on_node}\n"
        else
          content << "cat > #{file_on_node} <<'EOP'\n" +
            f.read.gsub("'", "'\\\\''") + "\nEOP\n"
        end
      end
    end
  end
  content
end
trusted_certs_content() click to toggle source

Returns a string for copying the trusted certificates on the workstation to the system being bootstrapped This string should contain both the commands necessary to both create the files, as well as their content

# File lib/chef/knife/core/bootstrap_context.rb, line 239
def trusted_certs_content
  content = ""
  if @chef_config[:trusted_certs_dir]
    Dir.glob(File.join(Chef::Util::PathHelper.escape_glob_dir(@chef_config[:trusted_certs_dir]), "*.{crt,pem}")).each do |cert|
      content << "cat > /etc/chef/trusted_certs/#{File.basename(cert)} <<'EOP'\n" +
        IO.read(File.expand_path(cert)) + "\nEOP\n"
    end
  end
  content
end