From 5f649bf78d7bbfab0ae0829513a49ebd8aeac2e0 Mon Sep 17 00:00:00 2001 From: Vivek Singh Date: Thu, 9 Apr 2020 03:17:40 +0530 Subject: Fixes for sudo password Signed-off-by: Vivek Singh --- lib/chef/knife/bootstrap.rb | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/lib/chef/knife/bootstrap.rb b/lib/chef/knife/bootstrap.rb index 9e2c66a782..d8668bc070 100644 --- a/lib/chef/knife/bootstrap.rb +++ b/lib/chef/knife/bootstrap.rb @@ -650,7 +650,7 @@ class Chef raise else ui.warn("Failed to authenticate #{opts[:user]} to #{server_name} - trying password auth") - password = ui.ask("Enter password for #{opts[:user]}@#{server_name}.") do |q| + password = ui.ask("Enter password for #{opts[:user]}@#{server_name}:") do |q| q.echo = false end end @@ -666,7 +666,7 @@ class Chef raise else ui.warn("Failed to authenticate #{opts[:user]} to #{server_name} - trying password auth") - password = ui.ask("Enter password for #{opts[:user]}@#{server_name}.") do |q| + password = ui.ask("Enter password for #{opts[:user]}@#{server_name}:") do |q| q.echo = false end end @@ -695,9 +695,19 @@ class Chef @connection = TrainConnector.new(host_descriptor, connection_protocol, conn_options) connection.connect! rescue Train::UserError => e + limit ||= 1 if !conn_options.key?(:pty) && e.reason == :sudo_no_tty ui.warn("#{e.message} - trying with pty request") conn_options[:pty] = true # ensure we can talk to systems with requiretty set true in sshd config + retry + elsif config[:use_sudo_password] && (e.reason == :sudo_password_required || e.reason == :sudo_root_password_required) && limit < 3 + ui.warn("Failed to authenticate #{conn_options[:user]} to #{server_name} - #{e.message} \n sudo: #{limit} incorrect password attempt") + sudo_password = ui.ask("Enter sudo root password for #{conn_options[:user]}@#{server_name}:") do |q| + q.echo = false + end + limit += 1 + conn_options[:sudo_password] = sudo_password + retry else raise -- cgit v1.2.1 From 0135fa506476a0f559ea609bd6690248dbc262d2 Mon Sep 17 00:00:00 2001 From: Vivek Singh Date: Sat, 11 Apr 2020 00:57:45 +0530 Subject: Match reason :bad_sudo_password for wrong attempt Signed-off-by: Vivek Singh --- lib/chef/knife/bootstrap.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/chef/knife/bootstrap.rb b/lib/chef/knife/bootstrap.rb index d8668bc070..8823fa3bdf 100644 --- a/lib/chef/knife/bootstrap.rb +++ b/lib/chef/knife/bootstrap.rb @@ -700,9 +700,9 @@ class Chef ui.warn("#{e.message} - trying with pty request") conn_options[:pty] = true # ensure we can talk to systems with requiretty set true in sshd config retry - elsif config[:use_sudo_password] && (e.reason == :sudo_password_required || e.reason == :sudo_root_password_required) && limit < 3 + elsif config[:use_sudo_password] && (e.reason == :sudo_password_required || e.reason == :bad_sudo_password) && limit < 3 ui.warn("Failed to authenticate #{conn_options[:user]} to #{server_name} - #{e.message} \n sudo: #{limit} incorrect password attempt") - sudo_password = ui.ask("Enter sudo root password for #{conn_options[:user]}@#{server_name}:") do |q| + sudo_password = ui.ask("Enter sudo password for #{conn_options[:user]}@#{server_name}:") do |q| q.echo = false end limit += 1 -- cgit v1.2.1 From 78afa84a0f67549331788cf0633bf2afcd674757 Mon Sep 17 00:00:00 2001 From: Tim Smith Date: Mon, 13 Apr 2020 11:42:12 -0700 Subject: Require at least train-core 3.2.28 to resolve sudo issues Make sure that even a gem install of chef will work correctly here. Signed-off-by: Tim Smith --- Gemfile.lock | 10 +++++----- chef.gemspec | 2 +- omnibus/Gemfile.lock | 10 +++++----- 3 files changed, 11 insertions(+), 11 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 4afe3f7676..c44f1d0a01 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -55,7 +55,7 @@ PATH plist (~> 3.2) proxifier (~> 1.0) syslog-logger (~> 1.6) - train-core (~> 3.1) + train-core (~> 3.2, >= 3.2.28) train-winrm (>= 0.2.5) tty-screen (~> 0.6) uuidtools (~> 2.1.5) @@ -88,7 +88,7 @@ PATH plist (~> 3.2) proxifier (~> 1.0) syslog-logger (~> 1.6) - train-core (~> 3.1) + train-core (~> 3.2, >= 3.2.28) train-winrm (>= 0.2.5) tty-screen (~> 0.6) uuidtools (~> 2.1.5) @@ -243,7 +243,7 @@ GEM regexp_parser (~> 1.5) uri_template (~> 0.7) libyajl2 (1.2.0) - license-acceptance (1.0.18) + license-acceptance (1.0.19) pastel (~> 0.7) tomlrb (~> 1.2) tty-box (~> 0.3) @@ -281,7 +281,7 @@ GEM net-ssh-gateway (>= 1.2.0) nori (2.6.0) parallel (1.19.1) - parser (2.7.1.0) + parser (2.7.1.1) ast (~> 2.4.0) parslet (1.8.2) pastel (0.7.3) @@ -363,7 +363,7 @@ GEM tins (1.24.1) sync tomlrb (1.3.0) - train-core (3.2.27) + train-core (3.2.28) addressable (~> 2.5) json (>= 1.8, < 3.0) mixlib-shellout (>= 2.0, < 4.0) diff --git a/chef.gemspec b/chef.gemspec index 3e2928d504..c8f3b614ee 100644 --- a/chef.gemspec +++ b/chef.gemspec @@ -17,7 +17,7 @@ Gem::Specification.new do |s| s.add_dependency "chef-config", "= #{Chef::VERSION}" s.add_dependency "chef-utils", "= #{Chef::VERSION}" - s.add_dependency "train-core", "~> 3.1" + s.add_dependency "train-core", "~> 3.2", ">= 3.2.28" # 3.2.28 fixes sudo prompts. See https://github.com/chef/chef/pull/9635 s.add_dependency "train-winrm", ">= 0.2.5" s.add_dependency "license-acceptance", "~> 1.0", ">= 1.0.5" diff --git a/omnibus/Gemfile.lock b/omnibus/Gemfile.lock index 5a704b1df7..92f039f606 100644 --- a/omnibus/Gemfile.lock +++ b/omnibus/Gemfile.lock @@ -31,10 +31,10 @@ GEM public_suffix (>= 2.0.2, < 5.0) artifactory (3.0.12) awesome_print (1.8.0) - aws-eventstream (1.0.3) - aws-partitions (1.295.0) - aws-sdk-core (3.93.0) - aws-eventstream (~> 1.0, >= 1.0.2) + aws-eventstream (1.1.0) + aws-partitions (1.296.0) + aws-sdk-core (3.94.0) + aws-eventstream (~> 1, >= 1.0.2) aws-partitions (~> 1, >= 1.239.0) aws-sigv4 (~> 1.1) jmespath (~> 1.0) @@ -306,7 +306,7 @@ GEM toml-rb (2.0.1) citrus (~> 3.0, > 3.0) tomlrb (1.3.0) - train-core (3.2.27) + train-core (3.2.28) addressable (~> 2.5) json (>= 1.8, < 3.0) mixlib-shellout (>= 2.0, < 4.0) -- cgit v1.2.1