summaryrefslogtreecommitdiff
path: root/chef-config
diff options
context:
space:
mode:
authorBryan McLellan <btm@loftninjas.org>2018-10-16 15:05:47 -0400
committerBryan McLellan <btm@loftninjas.org>2019-05-06 12:56:55 -0400
commit9d5f5c40362d1fd7b0323cf0880300d6165b3a94 (patch)
tree2bb91f44829455b5566c0de4ad6bb154dd610e4b /chef-config
parent7560313217c851c5b018b27d6ea4bae8c3af0ff1 (diff)
downloadchef-9d5f5c40362d1fd7b0323cf0880300d6165b3a94.tar.gz
Target Mode initial implementation
Signed-off-by: Bryan McLellan <btm@chef.io>
Diffstat (limited to 'chef-config')
-rw-r--r--chef-config/lib/chef-config/config.rb33
1 files changed, 30 insertions, 3 deletions
diff --git a/chef-config/lib/chef-config/config.rb b/chef-config/lib/chef-config/config.rb
index 0c257a49b5..910f0e024d 100644
--- a/chef-config/lib/chef-config/config.rb
+++ b/chef-config/lib/chef-config/config.rb
@@ -293,10 +293,11 @@ module ChefConfig
# the cache path.
unless path_accessible?(primary_cache_path) || path_accessible?(primary_cache_root)
secondary_cache_path = PathHelper.join(user_home, ".chef")
+ secondary_cache_path = target_mode? ? "#{secondary_cache_path}/#{target_mode.host}" : secondary_cache_path
ChefConfig.logger.trace("Unable to access cache at #{primary_cache_path}. Switching cache to #{secondary_cache_path}")
secondary_cache_path
else
- primary_cache_path
+ target_mode? ? "#{primary_cache_path}/#{target_mode.host}" : primary_cache_path
end
end
end
@@ -435,6 +436,22 @@ module ChefConfig
# * Chef 11 mode doesn't expose RBAC objects
default :osc_compat, false
end
+
+ # RFCxxx Target Mode support, value is the name of a remote device to Chef against
+ # --target exists as a shortcut to enabling target_mode and setting the host
+ configurable(:target)
+
+ config_context :target_mode do
+ config_strict_mode false # we don't want to have to add all train configuration keys here
+ default :enabled, false
+ default :protocol, "ssh"
+ # typical additional keys: host, user, password
+ end
+
+ def self.target_mode?
+ target_mode.enabled
+ end
+
default :chef_server_url, "https://localhost:443"
default(:chef_server_root) do
@@ -625,7 +642,15 @@ module ChefConfig
# `node_name` of the client.
#
# If chef-zero is enabled, this defaults to nil (no authentication).
- default(:client_key) { chef_zero.enabled ? nil : platform_specific_path("/etc/chef/client.pem") }
+ default(:client_key) do
+ if chef_zero.enabled
+ nil
+ elsif target_mode?
+ platform_specific_path("/etc/chef/#{target_mode.host}/client.pem")
+ else
+ platform_specific_path("/etc/chef/client.pem")
+ end
+ end
# A credentials file may contain a complete client key, rather than the path
# to one.
@@ -645,7 +670,9 @@ module ChefConfig
# This secret is used to decrypt encrypted data bag items.
default(:encrypted_data_bag_secret) do
- if File.exist?(platform_specific_path("/etc/chef/encrypted_data_bag_secret"))
+ if target_mode? && File.exist?(platform_specific_path("/etc/chef/#{target_mode.host}/encrypted_data_bag_secret"))
+ platform_specific_path("/etc/chef/#{target_mode.host}/encrypted_data_bag_secret")
+ elsif File.exist?(platform_specific_path("/etc/chef/encrypted_data_bag_secret"))
platform_specific_path("/etc/chef/encrypted_data_bag_secret")
else
nil