Cooking on Windows without the Windows Cookbook
May 17, 2015
Writing recipes for Windows typically involves taking a dependency on the platform-specific Windows cookbook, an artifact that has no real analog when authoring content for Unix-like systems. This requirement is changing starting with Chef 11, as more functionality and resources such as the registry resource formerly tied to the Windows cookbook are available in the core chef-client itself, thus reducing or eliminating the need to use the Windows cookbook. Additionally, the new implementations of the resources provide additional features that make recipes more predictable and robust on the Windows platform.
We’ll see some of this new capability in action, describe the motivation and what gets better, and look forward to additional Windows functionality that can be folded into chef-client.
Takeaways
All of us, Windows and non-Windows users alike, benefit when we rely less on the Windows cookbook
New resources for registry, powershell, and batch scripting are available without the Windows cookbook
These resources enable predictability for 32-bit / 64-bit (Wow64) difficulties
We should start changing our cookbooks to use the new resources
Chef-client as a Windows service is now robust and reliable, no Windows cookbook needed
This is just the beginning–let us know what should jump into core Chef next!
We’ll see some of this new capability in action, describe the motivation and what gets better, and look forward to additional Windows functionality that can be folded into chef-client.
Takeaways
All of us, Windows and non-Windows users alike, benefit when we rely less on the Windows cookbook
New resources for registry, powershell, and batch scripting are available without the Windows cookbook
These resources enable predictability for 32-bit / 64-bit (Wow64) difficulties
We should start changing our cookbooks to use the new resources
Chef-client as a Windows service is now robust and reliable, no Windows cookbook needed
This is just the beginning–let us know what should jump into core Chef next!
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Cooking Without the Windows Cookbook Adam Edwards [email protected] @adamedx
Software Engineer Opscode, Inc.
How to use Chef on Unix…
• First, set up your knife workstation
• Upload the Unix cookbook
• Write some Unix recipes…
• knife cookbook upload them
• Edit your run list
• Converge!
• Upload the “Unix cookbook?”
• HAHAHAHAHAHA
• But there is a Windows cookbook...
So what’s this Windows cookbook?
• A cookbook can add resources that aren’t supported by chef-client alone
• Easy way to add early support for the Windows platform
• Lots of goodies that make managing Windows possible:
• windows_batch
• windows_registry
• windows_package
• windows_task
• windows_reboot
• So much more – cool stuff!
• It gives you power!
But I have to take it everywhere…
• Seems like I’m always tossing ‘windows’ into metadata.rb
• Even for the simplest recipes
• If I’m on Windows, can’t Chef just “know” that I’m using the Windows cookbook?
• The other chefs can do the basics with no cookbooks… • Package, script / bash, many others all there on Unix
• Oh, and there’s a separate PowerShell cookbook you need, too • You do use PowerShell, right?
• PSST, it’s better than bash J
Welcome to the kids table…
Oh and it infects Unix admins too
• For Unix, admins can reuse popular cookbooks that support Windows
• And those cookbooks often require the Windows cookbook
• So now those Unix admins need the Windows cookbook • Limits dependences we add to Windows cookbook
• Case in point: git cookbook • https://github.com/opscode-cookbooks/git/blob/master/metadata.rb
on your
OK, I’m convinced, no more Windows cookbook!
• Let’s get rid of it!
• Well, maybe not, after all, there is an Ubuntu cookbook…
• Hey, put all the common goodies in chef-client!
• Registry, batch, powershell, package, etc.
• And while we’re at it, let’s make some improvements!
• And also add lots of spec tests!
• Then we spice up Windows cookbooks with power tools • Not necessities
• Now you can write more Windows recipes without Windows cookbook
• Common tasks on Windows get easy!
Introducing a few new resources / features
• Chef 11 adds new resources to chef-client • registry_key, released in 11.0
• powershell, in master, release pending
• batch, in master, release pending
• They support explicit control of 32-bit / 64-bit functionality
• More on that later
• Replaces analogs in Windows cookbook
• And chef-client as a Windows service also in Chef 11 master
• Can be configured at chef-client MSI installation time
• So you don’t have to use chef-client cookbook
• It’s also more robust, lightweight
A word on 32 / 64-bit
• The new resources include an “architecture” attribute • :i386 for x86, :x86_64 for x64
• Defaults to :x86_64 on x64 Windows, :i386 otherwise
• Wow64 (32-bit on 64-bit) is very confusing
• You must be running in a 64-bit process to see 64-bit things • Same for 32-bit processes
• Windows cookbook resources can’t see 32-bit only registry
• Causes weird, inexplicable anomalies • Need weird hacks, workarounds not always feasible
• But new resources let you control this, no more unpredictability! • Our Unix friends just won’t understand J
Wow6432Node, SysWow64 WAT???!!!
registry_key
• Usage is significantly different than the windows_registry resource
• Values are modeled explicitly in addition to keys
• So not a drop-in replacement, but more robust as a result
• registry_key "HKLM\\Software\\MyApp\\MyConfig" do values [{ :name => "NewRegistryKeyValue", :type => :multi_string, :data => foo\0bar\0\0 }] architecture :i386 action :create end
• You can control 32/64-bit!
powershell / batch
• Analogs to powershell, windows_batch
• Essentially drop-in replacements
• Just change resource names, remove cookbook dependencies
• batch "batch_x86" do architecture :i386 code <<-‐EOH echo I am an %PROCESSOR_ARCHITECTURE% script. > c:\\arch.txt EOH end
• powershell “powershell_x64" do architecture :x86_64 code <<-‐EOH cd wsman:\localhost\shell; si MaxMemoryPerShellMB 8192 EOH end
Demo: Registry, Powershell – No cookbooks
More Windows resources to come
• Move remaining common resources to chef-client
• Package
• May unify ServerManager (aka windows_feature), DISM
• Scheduled Tasks
• Steroid enhanced cron
• Reboot
• More core resources => we can remove Windows dependency from git, other cookbooks
Bonus: Chef-Client as a (lightweight!) Windows service
• Chef-client in master ships with chef-service-manager
• Run chef-‐service-‐manager -‐a to install chef-client as a Windows service
• Or just install it via the MSI (graphical or msiexec) • Obviates need to use chef-client cookbook
• Updated implementation eliminates polling / busy wait • Just sleeps until a timer event, no cpu, memory pages out
• Shuts down via alertable thread
Demo – chef-client service
Not just more features, more Windows contributors!
• Opscode is investing in Windows • Engineers Seth Chisamore, John Keiser, others added Windows support, 2011, Q1 2012
• H2 2012: More Opscode developers joined the fun:
• Lamont Granquist
• Prajakta Purohit
• Serdar Sutay
• Adam Edwards
• Not just staffing, but sharing Windows across the engineering teams
• Community is investing in Windows • Contributions increasing as we gain Windows users
• Example: See the Nordstrom Unicorns about Mixlib::Shellout, Printer LWRP, chef-vault…
• Doug Ireton, Kevin Moser, more…
Beyond cookbooks – more Chef for Windows!
• We are not done – more good things coming to Chef on Windows!
• What if the chef-client msi made knife workstation experience better?
• What if I had an actual editor on my knife workstation?
• Maybe even a better terminal (ConEmu anyone?)
• Can we take more advantage of Windows coolness? • Can knife and PowerShell work better together?
• 64-bit (Ruby 2.0) Chef-client?
• Let your voice be heard – http://community.opscode.com
• Happy 10th Anniversary Windows Server 2003 and x64 Windows! • Launched April 24, 2003, San Francisco, CA
Windows CAN because CODE CAN
Related Documents
