author | Jay Mundrawala <jdmundrawala@gmail.com> | 2016-01-27 17:44:12 -0800 |
---|---|---|
committer | Jay Mundrawala <jdmundrawala@gmail.com> | 2016-01-28 15:28:33 -0800 |
commit | ed44d58632c02744ce02bcc6af504e4e3c802f1f (patch) | |
tree | de5dac9d7bccf99a010e97e7ecaad8b8bfd34e86 /lib | |
parent | 97e3ae9540c5c663af2575c579c6e9a445848489 (diff) | |
Allow use of command line fips switch for knife
This somewhat worked before. However, it was just for knife bootstrap.
It also didn't support --no-fips in the case where it was in your
knife.rb and you decided that you didn't want to use fips for
that one call.
The assumption here is that the fips mode you run knife with is the fips
mode the node will get. This has the nice property that validatorless
bootstraps will talk to the chef server in fips mode if the node
is requested to be in fips mode.
Diffstat (limited to 'lib')
-rw-r--r-- | lib/chef/application/knife.rb | 6 | ||||
-rw-r--r-- | lib/chef/knife.rb | 8 | ||||
-rw-r--r-- | lib/chef/knife/bootstrap.rb | 5 | ||||
-rw-r--r-- | lib/chef/knife/core/bootstrap_context.rb | 2 |
4 files changed, 14 insertions, 7 deletions
diff --git a/lib/chef/application/knife.rb b/lib/chef/application/knife.rb
index 1742223657..46122b0a7b 100644
--- a/lib/chef/application/knife.rb
+++ b/lib/chef/application/knife.rb
@@ -134,6 +134,12 @@ class Chef::Application::Knife < Chef::Application
 :proc => lambda {|v| puts "Chef: #{::Chef::VERSION}"},
 :exit => 0
+ option :fips,
+ :long => "--[no-]fips",
+ :description => "Enable fips mode",
+ :boolean => true,
+ :default => nil
+
 # Run knife
 def run
 Mixlib::Log::Formatter.show_time = false
diff --git a/lib/chef/knife.rb b/lib/chef/knife.rb
index 5cfcc7182a..8443186089 100644
--- a/lib/chef/knife.rb
+++ b/lib/chef/knife.rb
@@ -398,7 +398,6 @@ class Chef
 merge_configs
 apply_computed_config
 Chef::Config.export_proxies
- Chef::Config.init_openssl
 # This has to be after apply_computed_config so that Mixlib::Log is configured
 Chef::Log.info("Using configuration from #{config[:config_file]}") if config[:config_file]
 end
@@ -412,6 +411,7 @@ class Chef
 ui.error "You need to add a #run method to your knife command before you can use it"
 end
 enforce_path_sanity
+ maybe_setup_fips
 Chef::LocalMode.with_server_connectivity do
 run
 end
@@ -570,5 +570,11 @@ class Chef
 Chef::Config[:chef_server_url]
 end
+ def maybe_setup_fips
+ if !config[:fips].nil?
+ Chef::Config[:fips] = config[:fips]
+ end
+ Chef::Config.init_openssl
+ end
 end
 end
diff --git a/lib/chef/knife/bootstrap.rb b/lib/chef/knife/bootstrap.rb
index 4db6c22f2e..23ec98e563 100644
--- a/lib/chef/knife/bootstrap.rb
+++ b/lib/chef/knife/bootstrap.rb
@@ -250,11 +250,6 @@ class Chef
 Chef::Config[:knife][:bootstrap_vault_item]
 }
- option :fips,
- :long => "--fips",
- :description => "Set openssl to run in fips mode",
- :boolean => true
-
 def initialize(argv=[])
 super
 @client_builder = Chef::Knife::Bootstrap::ClientBuilder.new(
diff --git a/lib/chef/knife/core/bootstrap_context.rb b/lib/chef/knife/core/bootstrap_context.rb
index 46ade9f00f..86c905c16a 100644
--- a/lib/chef/knife/core/bootstrap_context.rb
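Review bot: The help text on the new `option :fips` in lib/chef/application/knife.rb says only "Enable fips mode", although the switch is `--[no-]fips` with a `nil` default, so the same option is also how a user turns FIPS off for one invocation. Someone reading the help output cannot tell that `--no-fips` takes precedence over a `fips` setting in knife.rb, which is the behaviour the commit message describes. I would change the line to `:description => "Enable or disable fips mode, overriding the fips setting in knife.rb",` and add a comment above the option, `# nil means the switch was not given and the knife.rb value is used`.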
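Review bot: In lib/chef/knife.rb, `Chef::Config.init_openssl` now runs only through the `maybe_setup_fips` call added in the `@@ -412,6 +411,7 @@` hunk, because the `@@ -398,7 +398,6 @@` hunk drops it from the method that merges the configuration. If any caller configures knife and then invokes `run` without passing through this method, OpenSSL would presumably never be put into FIPS mode and the command would carry on with non-FIPS crypto without an error; the callers are not visible here, so this needs checking. A comment at the call site would record the ordering requirement, for example `# must run after the config has been merged and before any server connection is opened`. The enclosing method starts and ends outside the hunk.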
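Review bot: `maybe_setup_fips` in the `@@ -570,5 +570,11 @@` hunk of lib/chef/knife.rb overwrites `Chef::Config[:fips]` without recording it, so a `--no-fips` on the command line turns off a FIPS setting from knife.rb with no trace in the output or log. Since the commit message says the node is bootstrapped with the same mode, the downgrade also reaches the node's client.rb. I would log the override before the assignment, for example `Chef::Log.warn("fips mode disabled by --no-fips, overriding configuration") if config[:fips] == false && Chef::Config[:fips]`, and add a comment that `nil` means the switch was absent. On style, `unless config[:fips].nil?` reads better than `if !config[:fips].nil?`.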
+++ b/lib/chef/knife/core/bootstrap_context.rb
@@ -120,7 +120,7 @@ validation_client_name "#{@chef_config[:validation_client_name]}"
 client_rb << %Q{trusted_certs_dir "/etc/chef/trusted_certs"\n}
 end
- if @config[:fips]
+ if Chef::Config[:fips]
 client_rb << %Q{fips true\n}
 end |
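Review bot: The new condition `if Chef::Config[:fips]` reads the process-wide configuration, while the hunk header line shows this template taking its other values from `@chef_config`. That makes the rendered client.rb depend on `maybe_setup_fips` having already run in the same process, and a context built with an explicit config object would ignore that object's `fips` value. If `@chef_config` is the configuration passed to the context (its assignment is outside the hunk), `if @chef_config[:fips]` keeps the template consistent and testable without touching global state. The enclosing method starts and ends outside the hunk.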