Merge pull request #9669 from chef/sudo_bootstrap

Fix specifying sudo password in knife bootstrap
author: Tim Smith <tsmith@chef.io> 2020-04-15 20:41:30 -0700
committer: GitHub <noreply@github.com> 2020-04-15 20:41:30 -0700
commit: c1e956746d6151a64c5307c81faaefd9f2039e9e (patch)
tree: c5582211db0e7c3e0c490ecb2378b199cbc49716
parent: ac0be4540c34cce4571343c81ecca1a9821b08c9 (diff)
parent: 78afa84a0f67549331788cf0633bf2afcd674757 (diff)
download: chef-c1e956746d6151a64c5307c81faaefd9f2039e9e.tar.gz
4 files changed, 23 insertions, 13 deletions
diff --git a/Gemfile.lock b/Gemfile.lock
index 4afe3f7676..c44f1d0a01 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -55,7 +55,7 @@ PATH
       plist (~> 3.2)
       proxifier (~> 1.0)
       syslog-logger (~> 1.6)
-      train-core (~> 3.1)
+      train-core (~> 3.2, >= 3.2.28)
       train-winrm (>= 0.2.5)
       tty-screen (~> 0.6)
       uuidtools (~> 2.1.5)
@@ -88,7 +88,7 @@ PATH
       plist (~> 3.2)
       proxifier (~> 1.0)
       syslog-logger (~> 1.6)
-      train-core (~> 3.1)
+      train-core (~> 3.2, >= 3.2.28)
       train-winrm (>= 0.2.5)
       tty-screen (~> 0.6)
       uuidtools (~> 2.1.5)
@@ -243,7 +243,7 @@ GEM
       regexp_parser (~> 1.5)
       uri_template (~> 0.7)
     libyajl2 (1.2.0)
-    license-acceptance (1.0.18)
+    license-acceptance (1.0.19)
       pastel (~> 0.7)
       tomlrb (~> 1.2)
       tty-box (~> 0.3)
@@ -281,7 +281,7 @@ GEM
       net-ssh-gateway (>= 1.2.0)
     nori (2.6.0)
     parallel (1.19.1)
-    parser (2.7.1.0)
+    parser (2.7.1.1)
       ast (~> 2.4.0)
     parslet (1.8.2)
     pastel (0.7.3)
@@ -363,7 +363,7 @@ GEM
     tins (1.24.1)
       sync
     tomlrb (1.3.0)
-    train-core (3.2.27)
+    train-core (3.2.28)
       addressable (~> 2.5)
       json (>= 1.8, < 3.0)
       mixlib-shellout (>= 2.0, < 4.0)
diff --git a/chef.gemspec b/chef.gemspec
index 3e2928d504..c8f3b614ee 100644
--- a/chef.gemspec
+++ b/chef.gemspec
@@ -17,7 +17,7 @@ Gem::Specification.new do |s|
 
   s.add_dependency "chef-config", "= #{Chef::VERSION}"
   s.add_dependency "chef-utils", "= #{Chef::VERSION}"
-  s.add_dependency "train-core", "~> 3.1"
+  s.add_dependency "train-core", "~> 3.2", ">= 3.2.28" # 3.2.28 fixes sudo prompts. See https://github.com/chef/chef/pull/9635
   s.add_dependency "train-winrm", ">= 0.2.5"
 
   s.add_dependency "license-acceptance", "~> 1.0", ">= 1.0.5"
diff --git a/lib/chef/knife/bootstrap.rb b/lib/chef/knife/bootstrap.rb
index 9e2c66a782..8823fa3bdf 100644
--- a/lib/chef/knife/bootstrap.rb
+++ b/lib/chef/knife/bootstrap.rb
@@ -650,7 +650,7 @@ class Chef
             raise
           else
             ui.warn("Failed to authenticate #{opts[:user]} to #{server_name} - trying password auth")
-            password = ui.ask("Enter password for #{opts[:user]}@#{server_name}.") do |q|
+            password = ui.ask("Enter password for #{opts[:user]}@#{server_name}:") do |q|
               q.echo = false
             end
           end
@@ -666,7 +666,7 @@ class Chef
             raise
           else
             ui.warn("Failed to authenticate #{opts[:user]} to #{server_name} - trying password auth")
-            password = ui.ask("Enter password for #{opts[:user]}@#{server_name}.") do |q|
+            password = ui.ask("Enter password for #{opts[:user]}@#{server_name}:") do |q|
               q.echo = false
             end
           end
@@ -695,10 +695,20 @@ class Chef
         @connection = TrainConnector.new(host_descriptor, connection_protocol, conn_options)
         connection.connect!
       rescue Train::UserError => e
+        limit ||= 1
         if !conn_options.key?(:pty) && e.reason == :sudo_no_tty
           ui.warn("#{e.message} - trying with pty request")
           conn_options[:pty] = true # ensure we can talk to systems with requiretty set true in sshd config
           retry
+        elsif config[:use_sudo_password] && (e.reason == :sudo_password_required || e.reason == :bad_sudo_password) && limit < 3
+          ui.warn("Failed to authenticate #{conn_options[:user]} to #{server_name} - #{e.message} \n sudo: #{limit} incorrect password attempt")
+          sudo_password = ui.ask("Enter sudo password for #{conn_options[:user]}@#{server_name}:") do |q|
+            q.echo = false
+          end
+          limit += 1
+          conn_options[:sudo_password] = sudo_password
+
+          retry
         else
           raise
         end
diff --git a/omnibus/Gemfile.lock b/omnibus/Gemfile.lock
index 5a704b1df7..92f039f606 100644
--- a/omnibus/Gemfile.lock
+++ b/omnibus/Gemfile.lock
@@ -31,10 +31,10 @@ GEM
       public_suffix (>= 2.0.2, < 5.0)
     artifactory (3.0.12)
     awesome_print (1.8.0)
-    aws-eventstream (1.0.3)
-    aws-partitions (1.295.0)
-    aws-sdk-core (3.93.0)
-      aws-eventstream (~> 1.0, >= 1.0.2)
+    aws-eventstream (1.1.0)
+    aws-partitions (1.296.0)
+    aws-sdk-core (3.94.0)
+      aws-eventstream (~> 1, >= 1.0.2)
       aws-partitions (~> 1, >= 1.239.0)
       aws-sigv4 (~> 1.1)
       jmespath (~> 1.0)
@@ -306,7 +306,7 @@ GEM
     toml-rb (2.0.1)
       citrus (~> 3.0, > 3.0)
     tomlrb (1.3.0)
-    train-core (3.2.27)
+    train-core (3.2.28)
       addressable (~> 2.5)
       json (>= 1.8, < 3.0)
       mixlib-shellout (>= 2.0, < 4.0)
author	Tim Smith <tsmith@chef.io>	2020-04-15 20:41:30 -0700
committer	GitHub <noreply@github.com>	2020-04-15 20:41:30 -0700
commit	c1e956746d6151a64c5307c81faaefd9f2039e9e (patch)
tree	c5582211db0e7c3e0c490ecb2378b199cbc49716
parent	ac0be4540c34cce4571343c81ecca1a9821b08c9 (diff)
parent	78afa84a0f67549331788cf0633bf2afcd674757 (diff)
download	chef-c1e956746d6151a64c5307c81faaefd9f2039e9e.tar.gz