knife bootstrap command without prompting password

Question

I am trying to write a bash script which contains the command for bootstrapping a Ubuntu client node using knife command. When I execute the script, the knife command was asking the sudo password of client node and once i type the password, it works as expected. But I am looking for an automated way without prompting password. Here is the command I used for bootstrapping.

knife bootstrap <IP_ADDRESS> -x <USER_NAME> -P <PASSWORD> --sudo

After checking, knife bootstrap document, I have tried giving the ssh-password also like below, but with same result.

knife bootstrap <IP_ADDRESS> --ssh-user <USER_NAME> --ssh-password <PASSWORD> --sudo

What may be wrong with this command. I am expecting the knife command to automatically login to the client and bootstrap, but its asking like,

<IP_ADDRESS> knife sudo password:
 Enter your password:

Any ideas??

score 6 · Answer 1 · edited Aug 05 '16 at 16:40

6

Looking through the doc this may be the parameter you need:

--use-sudo-password

Although the documentation seems to imply that the password that that will be used is the same for the ssh operation, I don't know if that will be sufficient in your case.

Reference: https://docs.chef.io/knife_bootstrap.html#knife-bootstrap-options

edited Aug 05 '16 at 16:40

gliptak

3,592
2
29
61

answered Nov 08 '13 at 20:33

DavidC

78
1
7

knife bootstrap -N --sudo --use-sudo-password --ssh-user -P -y --secret-file encrypted_data_bag_secret -r 'role[Myrole]' – Anup Singh Jul 12 '16 at 15:41

score 4 · Answer 2 · edited Jul 11 '14 at 17:20

4

If you want to avoid using passwords , you could set up the ssh keys of your workstation on the chef-node and run the

knife bootstrap yourclient.domain.com -x <USER_NAME> -i ~/.ssh/id_rsa -N client1 --sudo

edited Jul 11 '14 at 17:20

Andy

49,085
60
166
233

answered Jul 11 '14 at 17:09

Balualways

4,250
10
38
51

score 3 · Accepted Answer · answered Jul 01 '14 at 10:45

3

This is how I made this work.

echo <SSH_PASSWORD> | knife bootstrap <IP_ADDRESS> -x <USER_NAME> -P <PASSWORD> --sudo

answered Jul 01 '14 at 10:45

HRM

2,097
6
23
37

3

If you do this, make sure you turn off your bash history, otherwise people could retrieve your password. http://stackoverflow.com/questions/6475524/making-sure-commands-dont-show-up-in-bash-history – spuder Mar 10 '15 at 20:49

score 0 · Answer 4 · answered Aug 26 '13 at 06:19

0

I see a typo in your command

it should be --ssh-password

what you have is --sh-password

answered Aug 26 '13 at 06:19

slayedbylucifer

22,878
16
94
123

Oops..Its a typo error. corrected..I used --ssh-password only. The command is working, only prob is that, its prompting for password. – HRM Aug 26 '13 at 06:27
What you are doing seems to be correct. I checked http://docs.opscode.com/install_bootstrap.html and see that it also asks for the password even though it is already supplied. Were you able to do it without password in the past? Or is this something your trying to do for hte 1st time? – slayedbylucifer Aug 26 '13 at 07:08
I always bootstrap from the node itself so never had to follow this process. Let me know if you find something which resolves your issues. – slayedbylucifer Aug 26 '13 at 07:22

score 0 · Answer 5 · answered Aug 27 '13 at 00:00

0

Check out the NOPASSWD option in the /etc/sudoers file. This configures sudo to suppress the password check.

answered Aug 27 '13 at 00:00

Mark O'Connor

76,015
10
139
185

Nope...not working.I have added NOPASSWD for admin, but still the same. But i guess, this wont be the correct solution even if it works..coz we need to configure these things in client node, before bootstrapping, rt? that kind of tricks are my final option.. – HRM Aug 27 '13 at 01:05
It worries me when you say you added "NOPASSWD" for admin..... Are you also bootstrapping chef using the user "admin"?.... This will work. It may be inconvenient but it has to happen on the node you are connecting to. Allowing a client to disable a security feature from a remote connection would be a bad idea. Think of sudo configuration like the configuration you have to setup for sshd. Create your security policy and bake it into your image. – Mark O'Connor Aug 27 '13 at 07:17

score 0 · Answer 6 · answered Nov 07 '13 at 04:35

There are two kinds of authentication happening:

The SSH connection (may be via a key or via a password)
The sudo authentication (usually, a password is required).

When you are first bootstrapping a machine, I don't think you can avoid needing the sudo password.

I've seen Ruby code that can pass a sudo password over the SSH connection (so the user doesn't have to type it in the middle of the command), but I don't think that knife has that built in.

score 0 · Answer 7 · edited Jan 28 '19 at 16:17

0

It needs to be used in this way (worked for me)

knife bootstrap $ipaddr --ssh-user $userid --ssh-password $pswd --node-name $hostname --sudo --use-sudo-password -P $pswd

--use-sudo-password It is required to supply password for this option too, in the same way you supply for --ssh-password

edited Jan 28 '19 at 16:17

henrycarteruk

12,708
2
36
40

answered Sep 28 '15 at 10:09

Vinay Kadalagi

1,315
1
8
11

knife bootstrap command without prompting password

7 Answers7