Using a script that requires user input with chef cookbook with vagrant

Question

I'm writing a custom Asterisk chef cookbook where I need to run this script

bash 'create asterisk keys' do
  user 'root'
  cwd File.dirname(source_path)
  code <<-EOH
    cd asterisk-#{node.version}*
    ./contrib/scripts/ast_tls_cert -C #{node.host} -O "#{node.box_name}" -d #{node.keys_dir}
  EOH
  action :nothing
end

This ast_tls_cert script will ask for several password inputs, but when I run this through vagrant the keys never get generated since the passwords never get entered. Is there a way to tell chef that if the script requires user input to just use some ENV variable as the value? I don't really need it to stop and ask the user for the inupt. Actually, I'd rather it didn't do that. I just want to specify some value and tell it to use that value.

Admittedly [that script](http://svn.asterisk.org/svn/asterisk/trunk/contrib/scripts/ast_tls_cert) is just a convenience wrapper around openssl. You may be able to make the calls to openssl commands directly (which would enable the -passin and -passout command line options). Or even you may be able to just use ruby in a ruby_block with the [OpenSSL Module](http://ruby-doc.org/stdlib-1.9.3/libdoc/openssl/rdoc/OpenSSL.html) — Charlie, Nov 04 '14 at 19:02

score 0 · Answer 1 · edited Nov 04 '14 at 18:29

0

In general you need to assume Chef is running unattended. You can use tools like expect or pexpect(python version) to drive scripts that absolutely require interactive input, but check if you can provide the passwords via environment variables or similar.

edited Nov 04 '14 at 18:29

jeremywoertink

2,281
1
23
29

answered Nov 04 '14 at 00:43

coderanger

52,400
4
52
75

There must be some chef method to do this. I know ruby has the `PTY` module. The ast_tls_cert script doesn't have a way to pass passwords as options. – jeremywoertink Nov 04 '14 at 16:29
I mean you could write a simple clone of expect in Ruby (indeed, [Google shows at least one exists](https://github.com/abates/ruby_expect)), but that isn't something Chef does or cares about. – coderanger Nov 04 '14 at 19:25

score 0 · Answer 2 · answered Nov 04 '14 at 21:36

There's a gem called ruby_expect which can be added into a cookbook to handle this.

At the top of your cookbook default.rb file you'll want to add in chef_gem 'ruby_expect'. Next I created a ruby_block to handle doing this.

ruby_block 'create asterisk keys' do
  block do
    require 'ruby_expect'
    Dir.chdir(File.join(File.dirname(tarball_path), "asterisk-#{node.version}"))
    exp = RubyExpect::Expect.spawn(%{./contrib/scripts/ast_tls_cert -C #{node.host} -O "#{node.box_name}" -d #{node.keys_dir}}, debug: true)
    exp.procedure do
      each do
        expect %r{Enter pass phrase for /etc/asterisk/keys/ca.key:} do
          send 'somepassword'
        end
      end
    end
  end
  action :nothing
end

Where tarball_path is where you downloaded the asterisk tar.

Using a script that requires user input with chef cookbook with vagrant

2 Answers2