Cooking with Chef on Microsoft Windows Julian C. Dunn Senior Consultant, Chef Software, Inc. [email protected]
Cooking with Chef on Windows
Jan 27, 2015
The January 2014 Edition.
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Cooking with Chef on Microsoft WindowsJulian C. DunnSenior Consultant, Chef Software, [email protected]
Chef and Windows Timeline• May 2011 – Knife plugin for Windows announced
• Oct 2011 – PowerShell, IIS, SQL Server, and Windows cookbooks
• Dec 2011 – Chef Client Installer MSI for Microsoft Windows
• Feb 2012 – Integration of the registry_key resource into core Chef from the Windows cookbook
• Aug 2013 – Chef 11.6.0 release. PowerShell and Batch scripting integrated into core Chef. Chef Client released as Windows service
• Aug 2013 - PowerShell Desired State Configuration support announced (for delivery in 2014)
Challenges to Chef on Windows• No real package manager
• COTS vendors don’t understand automation
• UAC
• WinRM Quotas
• Win32 Redirector
• Not all preferences/state stored in registry
Windows < 2012?• WinRM Memory Quota Hotfix required:
• http://support.microsoft.com/kb/2842230
Automating a .NET App on Windows
Automating a .NET App on Windows• The app: nopCommerce Shopping
Cart solution (www.nopcommerce.com)
• ASP.NET with SQL Server backend
• Available through WebPI
• WebPI install assumes a lot, however
• Full-featured app suitable to show off Chef resources on Windows
Resources Automated in Demo• Installing Windows Features and Roles
• IIS app pool
• IIS site
• IIS app
• Registry settings
• Deploying files onto the system
• Unzipping files
• Windows filesystem rights management
Provisioning with Chef• Azure plugin for Knife
• Request new VM from Azure API
• Bootstrap it over WinRM
• Install and start Chef
• Register with Chef server
• Run through the “run list”
• Instant infrastructure with one command
Video
The Recipe Code
::Chef::Recipe.send(:include, Windows::Helper)
windows_feature 'IIS-WebServerRole' do action :installend
# Pre-requisite features for IIS-ASPNET45 that need to be installed first, in this order.%w{IIS-ISAPIFilter IIS-ISAPIExtensions NetFx3ServerFeatures NetFx4Extended-ASPNET45 IIS-NetFxExtensibility45}.each do |f| windows_feature f do action :install endend
windows_feature 'IIS-ASPNET45' do action :installend
service "iis" do service_name "W3SVC" action :nothingend
include_recipe "iis::remove_default_site"
nopCommerce Recipe Code: Install IIS, ASP.NET 4.5
windows_zipfile node['nopcommerce']['approot'] do source node['nopcommerce']['dist'] action :unzip not_if {::File.exists?(::File.join(node['nopcommerce']['approot'], "nopCommerce"))}end
%w{App_Data bin Content Content\\Images Content\\Images\\Thumbs Content\\Images\\Uploaded Content\\files\\ExportImport Plugins Plugins\\bin}.each do |d| directory win_friendly_path(::File.join(node['nopcommerce']['approot'], 'nopCommerce', d)) do rights :modify, 'IIS_IUSRS' endend
%w{Global.asax web.config}.each do |f| file win_friendly_path(::File.join(node['nopcommerce']['approot'], 'nopCommerce', f)) do rights :modify, 'IIS_IUSRS' endend
nopCommerce Recipe Code: Install nopCommerce
iis_pool node['nopcommerce']['poolname'] do runtime_version "4.0" action :addend
directory node['nopcommerce']['siteroot'] do rights :read, 'IIS_IUSRS' recursive true action :createend
iis_site 'nopCommerce' do protocol :http port 80 path node['nopcommerce']['siteroot'] application_pool node['nopcommerce']['poolname'] action [:add,:start]end
iis_app 'nopCommerce' do application_pool node['nopcommerce']['poolname'] path node['nopcommerce']['apppath'] physical_path "#{node['nopcommerce']['approot']}\\nopCommerce" action :addend
Set up IIS Pool, App, etc.
system32_path = node['kernel']['machine'] == 'x86_64' ? 'C:\Windows\Sysnative' : 'C:\Windows\System32'cookbook_file "#{system32_path}\\oemlogo.bmp" do source node['windowshacks']['oeminfo']['logofile'] rights :read, "Everyone" action :createend
registry_key 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\OEMInformation' do values [{:name => 'Logo', :type => :string, :data => 'C:\Windows\System32\oemlogo.bmp'}, {:name => 'Manufacturer', :type => :string, :data => node['windowshacks']['oeminfo']['manufacturer']}, {:name => 'SupportHours', :type => :string, :data => node['windowshacks']['oeminfo']['supporthours']}, {:name => 'SupportPhone', :type => :string, :data => node['windowshacks']['oeminfo']['supportphone']}, {:name => 'SupportURL', :type => :string, :data => node['windowshacks']['oeminfo']['supporturl']}] action :createend
Other Code You Might Have Noticed
64
The Result
Overview of Chef Resources on Windows
Same as UNIX/Linux• file, remote_file, cookbook_file, template
• directory, remote_directory
• user, group
• mount (can take CIFS paths)
• env
• service
• execute
• ruby_block
• many others...
Unique to Windows• registry_key (new in Chef 11.0.0)
• powershell_script (new in Chef 11.6.0)
• batch (new in Chef 11.6.0)
• Automatic architecture handling (:i386 vs. :x86_64)
• Automatic Windows filesystem redirector handling (Wow64)
• Long-term roadmap: move more resources to core and out of ‘windows’ cookbook
Windows-Only Cookbooks• By Chef:
• 7-zip
• iis
• powershell
• sql_server
• webpi
• windows
• wix
Windows Community Cookbooks• ms_dotnet2 / 4 / 45
• windows_ad (by TAMU)
• msoffice
• azure
# Set system’s proxy settings to be the same as used for Chefproxy = URI.parse(Chef::Config[:http_proxy])registry_key 'HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings' do values [{:name => 'ProxyEnable', :type => :reg_dword, :data => 1}, {:name => 'ProxyServer', :data => "#{proxy.host}:#{proxy.port}"}, {:name => 'ProxyOverride', :type => :reg_string, :data => '<local>'}] action :createend
registry_key example
powershell_script "rename hostname" do code <<-EOH $computer_name = Get-Content env:computername $new_name = 'test-hostname' $sysInfo = Get-WmiObject -Class Win32_ComputerSystem $sysInfo.Rename($new_name) EOHend
powershell_script example
Registry Helpers• Resources like powershell_script are not idempotent by default
• We provide some helpers for checking the registry:
• registry_data_exists?
• registry_get_subkeys
• registry_get_values
• registry_has_subkeys?
• registry_key_exists?
• registry_value_exists?
:windows_8_1?:windows_server_2012_r2?:windows_8?:windows_server_2012?
etc.
:marketing_name
:cluster?:core?:datacenter?
Version Helpers
• Methods on Chef::ReservedNames::Win32
require 'chef/win32/version' windows_version = Chef::ReservedNames::Win32::Version.new
if (windows_version.windows_server_2008_r2? || windows_version.windows_7?) && windows_version.core? # Server 2008 R2 Core does not come with .NET or Powershell 2.0 enabled # ... install Powershell 2.0 here end
Example Usage
• https://github.com/juliandunn/ms_dotnet2/blob/master/recipes/default.rb
Special File/Directory Handling• Parameters that don’t make sense
are ignored
• DOMAIN\user, DOMAIN\group work
• Filesystem ACLs are different on Windows
• mode parameter semantics
• rights parameter only for Windows
The ‘windows’ Cookbook• The windows cookbook includes a number of resources
and providers, and helper libraries.
• See https://github.com/opscode-cookbooks/windows for a full list
• Highlights:
• windows_auto_run
• windows_feature
• windows_package
• windows_path
• windows_reboot
• windows_zipfile
• Other: windows_printer, windows_printer_port, windows_task
Windows Report Handlers• Windows cookbook:
• WindowsRebootHandler
• windows_reboot resource
• windows::reboot_handler recipe
• Eventlog cookbook:
• Send Chef output to Windows Event Log
Desired State Configuration (DSC)•New in Windows 2012R2 / WMF4
•“Chef-like” declarative system
•Compiles to intermediate format (MOF)
•Provides reliable automation hooks into Windows
dsc_resource 'IIS' do name 'Webserver' resource :component action :installend
Potential DSC Integration
• 1:1 mapping DSC resources to Chef resources
• Challenges: DSC transactional, Chef is not
• Thoughts? See me after
Windows Roadmap 2014• Moar resources in core chef-client
• Package (e.g. msi), feature, reboot, etc.
• PowerShell DSC resource integration
• Easy WinRM setup, bootstrap
• Cookbooks: WSUS, AD, Group Policy, etc.
• Miscellaneus: Anonymous Resource RFC
• http://tinyurl.com/anonymous-resource-rfc
Testing on Windows
As a Host• Berkshelf, Test-Kitchen, ChefSpec work on Windows
• You need Git Bash or a UNIX-like environment
As a Guest• vagrant-windows
• Monkeypatch to Vagrant to support WinRM
• Works adequately, but fragile
• Packer images to generate Windows VMs
• https://github.com/misheska/basebox-packer
• ServerSpec supports Windows, but limited assertions
Questions?• Much more than what’s shown here!
• Questions?
• Thank you!
• E: [email protected]
• W: www.getchef.com
• T: @julian_dunn
• G: github.com/juliandunn
Related Documents
