modules/mu/groomers/chef.rb in cloud-mu-3.5.1 vs modules/mu/groomers/chef.rb in cloud-mu-3.6.3

- old
+ new

@@ -56,10 +56,13 @@
 require 'chef/knife'
 require 'chef/application/knife'
 require 'chef/knife/ssh'
 require 'mu/monkey_patches/chef_knife_ssh'
 require 'chef/knife/bootstrap'
+ require 'chef/knife/bootstrap/train_connector'
+ require 'chef/knife/bootstrap/chef_vault_handler'
+ require 'chef/knife/bootstrap/client_builder'
 require 'chef/knife/node_delete'
 require 'chef/knife/client_delete'
 require 'chef/knife/data_bag_delete'
 require 'chef/knife/data_bag_show'
 require 'chef/knife/vault_delete'
@@ -94,15 +97,15 @@
 MU.log "Chef libraries loaded (took #{(Time.now-start).to_s} seconds)", MU::DEBUG
 end
 }
 end
- @knife = "cd #{MU.myRoot} && env -i HOME=#{Etc.getpwnam(MU.mu_user).dir} PATH=/opt/chef/embedded/bin:/usr/bin:/usr/sbin knife"
+ @@knife = "cd #{MU.myRoot} && env -i HOME=#{Etc.getpwnam(MU.mu_user).dir} PATH=/usr/local/ruby-current/bin:/opt/chef/embedded/bin:/usr/bin:/usr/sbin knife"
 # The canonical path to invoke Chef's *knife* utility with a clean environment.
 # @return [String]
- def self.knife;
- @knife;
+ def self.knife
+ @@knife
 end
 attr_reader :knife
 @vault_opts = "--mode client -u #{MU.chef_user} -F json"
@@ -216,11 +219,11 @@
 return loaded
 end
 end
 # see {MU::Groomer::Chef.getSecret}
- def getSecret(vault: nil, item: nil, field: nil)
+ def getSecret(vault: @server.mu_name, item: nil, field: nil)
 self.class.getSecret(vault: vault, item: item, field: field)
 end
 # Delete a Chef data bag / Vault
 # @param vault [String]: A repository of secrets to delete 
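Review bot: `attr_reader :knife` on the instance side still reads an instance-level `@knife`, which the new class-level `@@knife` assignment never sets, so `Chef.knife` and `some_instance.knife` are now two unrelated storages; unless `initialize` (outside this hunk) assigns `@knife`, replace the reader with `def knife; self.class.knife; end`. A class variable is also shared with every subclass, so any subclass assigning `@@knife` silently changes the command for the whole tree; a class-level instance variable exposed via `class << self; attr_reader :knife; end` keeps the same `Chef.knife` interface without that. The enclosing class starts outside this hunk.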
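Review bot: The new default `vault: @server.mu_name` is evaluated on every call that omits `vault:`, so a nil `@server` now raises NoMethodError where the old default passed `nil` through to the class method; if any caller relied on `vault: nil` reaching `self.class.getSecret`, that path no longer exists. The `# see {MU::Groomer::Chef.getSecret}` comment should record the new behaviour, e.g. `# @param vault [String]: defaults to this node's own vault (@server.mu_name)`. The enclosing class starts outside this hunk.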
@@ -616,20 +619,23 @@
 kb = ::Chef::Knife::Bootstrap.new([canonical_addr])
 kb.config[:use_sudo] = true
 kb.name_args = "#{canonical_addr}"
 kb.config[:distro] = 'chef-full'
 kb.config[:ssh_user] = ssh_user
+ kb.config[:ssh_verify_host_key] = :accept_new
 kb.config[:forward_agent] = ssh_user
 kb.config[:identity_file] = "#{Etc.getpwuid(Process.uid).dir}/.ssh/#{ssh_key_name}"
+ kb.config[:ssh_identity_file] = "#{Etc.getpwuid(Process.uid).dir}/.ssh/#{ssh_key_name}"
 else
 kb = ::Chef::Knife::BootstrapWindowsWinrm.new([@server.mu_name])
 kb.name_args = [@server.mu_name]
 kb.config[:manual] = true
 kb.config[:winrm_transport] = :ssl
 kb.config[:winrm_port] = 5986
 kb.config[:session_timeout] = timeout
 kb.config[:operation_timeout] = timeout
+# kb.config[:bootstrap_curl_options] = "" if retries % 2 == 0
 kb.config[:host] = canonical_addr
 kb.config[:winrm_authentication_protocol] = :basic
 kb.config[:winrm_user] = @server.config['windows_admin_username']
 kb.config[:winrm_password] = @server.getWindowsAdminPassword
@@ -656,11 +662,13 @@
 # end
 kb.config[:json_attribs] = JSON.generate(json_attribs) if json_attribs.size > 1
 kb.config[:run_list] = run_list
 kb.config[:chef_node_name] = @server.mu_name
+ kb.config[:bootstrap_product] = "chef"
 kb.config[:bootstrap_version] = MU.chefVersion
+ kb.config[:channel] = "stable"
 # XXX key off of MU verbosity level
 kb.config[:log_level] = :debug
 # kb.config[:ssh_gateway] = "#{nat_ssh_user}@#{nat_ssh_host}" if !nat_ssh_host.nil? # Breaking bootsrap
 MU.log "Knife Bootstrap settings for #{@server.mu_name} (#{canonical_addr}), timeout set to #{timeout.to_s}", MU::NOTICE, details: kb.config 
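Review bot: `:accept_new` makes the bootstrap trust whichever host key answers the first connection, which is the workable choice for an instance that did not exist a moment ago, but the reason and its failure mode should be written next to it, e.g. `# trust-on-first-use: a reused address with a stale known_hosts entry fails here rather than being silently re-accepted`. The identity path is now built twice, for `:identity_file` and `:ssh_identity_file`; compute it once into a local and assign it to both. The added `# kb.config[:bootstrap_curl_options] = "" if retries % 2 == 0` is commented-out code and should either go or carry a note saying why it is kept. The enclosing method starts and ends outside this hunk.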
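Review bot: `"chef"` and `"stable"` are hard-coded right next to `MU.chefVersion`, which is looked up; a frozen constant (constructed name, e.g. `CHEF_BOOTSTRAP_CHANNEL = 'stable'.freeze`) or the same MU-level lookup as the version keeps the three bootstrap settings in one place. The NOTICE-level `MU.log ... details: kb.config` just below dumps the entire config hash, and in the WinRM branch of what appears to be the same method (the -616 hunk) that hash holds `:winrm_password`; this predates the change, but as the hash keeps growing it is worth logging `kb.config.reject { |k, _| k == :winrm_password }` instead. The enclosing method starts and ends outside this hunk.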
@@ -896,11 +904,11 @@
 return if nodeonly
 vaults_to_clean.each { |vault|
 MU::MommaCat.lock("vault-#{vault['vault']}", false, true)
 MU.log "Purging unknown clients from #{vault['vault']} #{vault['item']}", MU::DEBUG
- output = %x{#{@knife} data bag show "#{vault['vault']}" "#{vault['item']}_keys" --format json}
+ output = %x{#{knife} data bag show "#{vault['vault']}" "#{vault['item']}_keys" --format json}
 # This is an ugly workaround for --clean-unknown-clients, which in
 # fact cleans known clients.
 if output
 begin
 vault_cfg = JSON.parse(output)
@@ -939,11 +947,11 @@
 def self.grantSecretAccess(host, vault, item)
 loadChefLib
 MU::MommaCat.lock("vault-#{vault}", false, true)
 MU.log "Granting #{host} access to #{vault} #{item}"
 begin
- ::Chef::Knife.run(['vault', 'update', vault, item, "--search", "name:#{host}"])
+ ::Chef::Knife.run(['vault', 'update', vault, item, "--clients", "#{host}"])
 rescue StandardError => e
 MU.log e.inspect, MU::ERR, details: caller
 end
 MU::MommaCat.unlock("vault-#{vault}", true)
 end
@@ -1085,9 +1093,10 @@
 end
 def grantSecretAccess(vault, item)
 return if @secrets_granted["#{vault}:#{item}"] == item
 self.class.grantSecretAccess(@server.mu_name, vault, item)
+ MU.log %Q{To retrieve secret #{vault}:#{item} - #{self.class.knife} vault show "#{vault}" "#{item}"}, MU::SUMMARY
 @secrets_granted["#{vault}:#{item}"] = item
 end
 def knifeCmd(cmd, showoutput = false)
 self.class.knifeCmd(cmd, showoutput)
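Review bot: The bare `knife` here resolves differently depending on the receiver: inside a class method it reaches `self.knife` and the new `@@knife`, but inside an instance method it hits `attr_reader :knife` and an instance-level `@knife` that nothing in this diff sets, so the shell command would start with an empty string; `MU::Groomer::Chef.knife` is unambiguous in both cases. The enclosing method starts and ends outside this hunk, so which case applies cannot be seen here. Separately, `vault['vault']` and `vault['item']` go into a `%x{}` string where double quotes still permit `$(...)` expansion; `Shellwords.escape` (stdlib `shellwords`) on each value before interpolation removes that dependency on the data bag names being well-behaved.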
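Review bot: `"#{host}"` wraps a single variable in a string for no effect; pass it directly: `::Chef::Knife.run(['vault', 'update', vault, item, '--clients', host])`. A short comment on why the search form was dropped would help the next reader, e.g. `# grant to the named client directly rather than via a name: search`. Since the rescue only logs at ERR, the method still returns normally when the grant did not happen, which the instance-side caller in the -1085 hunk cannot detect.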
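Review bot: The new SUMMARY line is emitted even when the grant failed, because `self.class.grantSecretAccess` (the -939 hunk) rescues StandardError and only logs, and the next line then records the secret as granted anyway; have the class method return whether `::Chef::Knife.run` completed and gate both the `MU.log` and the `@secrets_granted` update on that result. As written, an operator following the printed `knife vault show` command would be told the secret is retrievable when it is not. The enclosing class starts outside this hunk.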