sh -c ' <%= "https_proxy=\"#{knife_config[:bootstrap_proxy]}\" export https_proxy" if knife_config[:bootstrap_proxy] %> <%= "no_proxy=\"#{knife_config[:bootstrap_no_proxy]}\" export no_proxy" if knife_config[:bootstrap_no_proxy] %> if test "x$TMPDIR" = "x"; then tmp="/tmp" else tmp=$TMPDIR fi # secure-ish temp dir creation without having mktemp available (DDoS-able but not exploitable) tmp_dir="$tmp/$$" (umask 077 && mkdir $tmp_dir) || exit 1 exists() { if command -v $1 >/dev/null 2>&1 then return 0 else return 1 fi } http_404_error() { echo "ERROR 404: Could not retrieve a valid!" exit 1 } capture_tmp_stderr() { # spool up /tmp/stderr from all the commands we called if test -f "$tmp_dir/stderr"; then output=`cat $tmp_dir/stderr` stderr_results="${stderr_results}\nSTDERR from $1:\n\n$output\n" rm $tmp_dir/stderr fi } # do_wget URL FILENAME do_wget() { echo "trying wget..." wget <%= "--proxy=on " if knife_config[:bootstrap_proxy] %> <%= knife_config[:bootstrap_wget_options] %> -O "$2" "$1" 2>$tmp_dir/stderr rc=$? # check for 404 grep "ERROR 404" $tmp_dir/stderr 2>&1 >/dev/null if test $? -eq 0; then http_404_error fi # check for bad return status or empty output if test $rc -ne 0 || test ! -s "$2"; then capture_tmp_stderr "wget" return 1 fi return 0 } # do_curl URL FILENAME do_curl() { echo "trying curl..." curl -sL <%= "--proxy \"#{knife_config[:bootstrap_proxy]}\" " if knife_config[:bootstrap_proxy] %> <%= knife_config[:bootstrap_curl_options] %> -D $tmp_dir/stderr -o "$2" "$1" 2>$tmp_dir/stderr rc=$? # check for 404 grep "404 Not Found" $tmp_dir/stderr 2>&1 >/dev/null if test $? -eq 0; then http_404_error fi # check for bad return status or empty output if test $rc -ne 0 || test ! -s "$2"; then capture_tmp_stderr "curl" return 1 fi return 0 } # do_fetch URL FILENAME do_fetch() { echo "trying fetch..." fetch -o "$2" "$1" 2>$tmp_dir/stderr # check for bad return status test $? -ne 0 && return 1 return 0 } # do_perl URL FILENAME do_perl() { echo "trying perl..." perl -e "use LWP::Simple; getprint(shift @ARGV);" "$1" > "$2" 2>$tmp_dir/stderr rc=$? # check for 404 grep "404 Not Found" $tmp_dir/stderr 2>&1 >/dev/null if test $? -eq 0; then http_404_error fi # check for bad return status or empty output if test $rc -ne 0 || test ! -s "$2"; then capture_tmp_stderr "perl" return 1 fi return 0 } # do_python URL FILENAME do_python() { echo "trying python..." python -c "import sys,urllib2 ; sys.stdout.write(urllib2.urlopen(sys.argv[1]).read())" "$1" > "$2" 2>$tmp_dir/stderr rc=$? # check for 404 grep "HTTP Error 404" $tmp_dir/stderr 2>&1 >/dev/null if test $? -eq 0; then http_404_error fi # check for bad return status or empty output if test $rc -ne 0 || test ! -s "$2"; then capture_tmp_stderr "python" return 1 fi return 0 } # do_download URL FILENAME do_download() { PATH=/opt/local/bin:/usr/local/sbin:/usr/local/bin:/usr/sfw/bin:/sbin:/bin:/usr/sbin:/usr/bin export PATH echo "downloading $1" echo " to file $2" # we try all of these until we get success. # perl, in particular may be present but LWP::Simple may not be installed if exists wget; then do_wget $1 $2 && return 0 fi if exists curl; then do_curl $1 $2 && return 0 fi if exists fetch; then do_fetch $1 $2 && return 0 fi if exists perl; then do_perl $1 $2 && return 0 fi if exists python; then do_python $1 $2 && return 0 fi echo ">>>>>> wget, curl, fetch, perl, or python not found on this instance." if test "x$stderr_results" != "x"; then echo "\nDEBUG OUTPUT FOLLOWS:\n$stderr_results" fi return 16 } <%# Run any custom commands before installing chef-client -%> <%# Ex. wait for cloud-init to complete -%> <% if knife_config[:bootstrap_preinstall_command] %> <%= knife_config[:bootstrap_preinstall_command] %> <% end %> <% if knife_config[:bootstrap_install_command] %> <%= knife_config[:bootstrap_install_command] %> <% else %> install_sh="<%= knife_config[:bootstrap_url] ? knife_config[:bootstrap_url] : "" %>" if test -f /usr/bin/chef-client; then echo "-----> Existing Chef installation detected" else echo "-----> Installing Chef Omnibus (<%= latest_current_chef_version_string %>)" do_download ${install_sh} $tmp_dir/ sh $tmp_dir/ -P chef <%= latest_current_chef_version_string %> fi <% end %> if test "x$tmp_dir" != "x"; then rm -r "$tmp_dir" fi mkdir -p /etc/chef <% if client_pem -%> cat > /etc/chef/client.pem <<'EOP' <%= %> EOP chmod 0600 /etc/chef/client.pem <% end -%> <% if validation_key -%> cat > /etc/chef/validation.pem <<'EOP' <%= validation_key %> EOP chmod 0600 /etc/chef/validation.pem <% end -%> <% if encrypted_data_bag_secret -%> cat > /etc/chef/encrypted_data_bag_secret <<'EOP' <%= encrypted_data_bag_secret %> EOP chmod 0600 /etc/chef/encrypted_data_bag_secret <% end -%> <% unless trusted_certs.empty? -%> mkdir -p /etc/chef/trusted_certs <%= trusted_certs %> <% end -%> <%# Generate Ohai Hints -%> <% unless @chef_config[:knife][:hints].nil? || @chef_config[:knife][:hints].empty? -%> mkdir -p /etc/chef/ohai/hints <% @chef_config[:knife][:hints].each do |name, hash| -%> cat > /etc/chef/ohai/hints/<%= name %>.json <<'EOP' <%= Chef::JSONCompat.to_json(hash) %> EOP <% end -%> <% end -%> cat > /etc/chef/client.rb <<'EOP' <%= config_content %> EOP cat > /etc/chef/first-boot.json <<'EOP' <%= Chef::JSONCompat.to_json(first_boot) %> EOP <% unless client_d.empty? -%> mkdir -p /etc/chef/client.d <%= client_d %> <% end -%> echo "Starting the first Chef Client run..." <%= start_chef %>'