cooking with chef on windows
DESCRIPTION
The January 2014 Edition.
TRANSCRIPT
Cooking with Chef on Microsoft Windows
Julian C. Dunn
Senior Consultant, Chef Software, [email protected]
Chef and Windows Timeline
• May 2011 – Knife plugin for Windows announced
• Oct 2011 – PowerShell, IIS, SQL Server, and Windows cookbooks
• Dec 2011 – Chef Client Installer MSI for Microsoft Windows
• Feb 2012 – Integration of the registry_key resource into core Chef from the Windows cookbook
• Aug 2013 – Chef 11.6.0 release. PowerShell and Batch scripting integrated into core Chef. Chef Client released as Windows service
• Aug 2013 – PowerShell Desired State Configuration support announced (for delivery in 2014)
Challenges to Chef on Windows
• No real package manager
• COTS vendors don’t understand automation
• UAC
• WinRM Quotas
• Win32 Redirector
• Not all preferences/state stored in registry
Windows < 2012?
• WinRM Memory Quota Hotfix required:
• http://support.microsoft.com/kb/2842230
Automating a .NET App on Windows
• The app: nopCommerce Shopping Cart solution (www.nopcommerce.com)
• ASP.NET with SQL Server backend
• Available through WebPI
• WebPI install assumes a lot, however
• Full-featured app suitable to show off Chef resources on Windows
Resources Automated in Demo
• Installing Windows Features and Roles
• IIS app pool
• IIS site
• IIS app
• Registry settings
• Deploying files onto the system
• Unzipping files
• Windows filesystem rights management
Provisioning with Chef
• Azure plugin for Knife
• Request new VM from Azure API
• Bootstrap it over WinRM
• Install and start Chef
• Register with Chef server
• Run through the “run list”
• Instant infrastructure with one command
Video
The Recipe Code
nopCommerce Recipe Code: Install IIS, ASP.NET 4.5
::Chef::Recipe.send(:include, Windows::Helper)

windows_feature 'IIS-WebServerRole' do
  action :install
end

# Pre-requisite features for IIS-ASPNET45 that need to be installed first, in this order.
%w{IIS-ISAPIFilter IIS-ISAPIExtensions NetFx3ServerFeatures NetFx4Extended-ASPNET45 IIS-NetFxExtensibility45}.each do |f|
  windows_feature f do
    action :install
  end
end

windows_feature 'IIS-ASPNET45' do
  action :install
end

service "iis" do
  service_name "W3SVC"
  action :nothing
end

include_recipe "iis::remove_default_site"
nopCommerce Recipe Code: Install nopCommerce
# Unpack the distribution only if it has not been unpacked already.
windows_zipfile node['nopcommerce']['approot'] do
  source node['nopcommerce']['dist']
  action :unzip
  not_if { ::File.exist?(::File.join(node['nopcommerce']['approot'], "nopCommerce")) }
end

# Grant the IIS worker group modify rights on these directories.
%w{App_Data bin Content Content\\Images Content\\Images\\Thumbs Content\\Images\\Uploaded Content\\files\\ExportImport Plugins Plugins\\bin}.each do |d|
  directory win_friendly_path(::File.join(node['nopcommerce']['approot'], 'nopCommerce', d)) do
    rights :modify, 'IIS_IUSRS'
  end
end

# Grant the same rights on these two files.
%w{Global.asax web.config}.each do |f|
  file win_friendly_path(::File.join(node['nopcommerce']['approot'], 'nopCommerce', f)) do
    rights :modify, 'IIS_IUSRS'
  end
end
Set up IIS Pool, App, etc.
iis_pool node['nopcommerce']['poolname'] do
  runtime_version "4.0"
  action :add
end

directory node['nopcommerce']['siteroot'] do
  rights :read, 'IIS_IUSRS'
  recursive true
  action :create
end

iis_site 'nopCommerce' do
  protocol :http
  port 80
  path node['nopcommerce']['siteroot']
  application_pool node['nopcommerce']['poolname']
  action [:add,:start]
end

iis_app 'nopCommerce' do
  application_pool node['nopcommerce']['poolname']
  path node['nopcommerce']['apppath']
  physical_path "#{node['nopcommerce']['approot']}\\nopCommerce"
  action :add
end
Other Code You Might Have Noticed
system32_path = node['kernel']['machine'] == 'x86_64' ? 'C:\Windows\Sysnative' : 'C:\Windows\System32'

cookbook_file "#{system32_path}\\oemlogo.bmp" do
  source node['windowshacks']['oeminfo']['logofile']
  rights :read, "Everyone"
  action :create
end

registry_key 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\OEMInformation' do
  values [{:name => 'Logo', :type => :string, :data => 'C:\Windows\System32\oemlogo.bmp'},
          {:name => 'Manufacturer', :type => :string, :data => node['windowshacks']['oeminfo']['manufacturer']},
          {:name => 'SupportHours', :type => :string, :data => node['windowshacks']['oeminfo']['supporthours']},
          {:name => 'SupportPhone', :type => :string, :data => node['windowshacks']['oeminfo']['supportphone']},
          {:name => 'SupportURL', :type => :string, :data => node['windowshacks']['oeminfo']['supporturl']}]
  action :create
end
64
The Result
Overview of Chef Resources on Windows
Same as UNIX/Linux
• file, remote_file, cookbook_file, template
• directory, remote_directory
• user, group
• mount (can take CIFS paths)
• env
• service
• execute
• ruby_block
• many others...
Unique to Windows
• registry_key (new in Chef 11.0.0)
• powershell_script (new in Chef 11.6.0)
• batch (new in Chef 11.6.0)
• Automatic architecture handling (:i386 vs. :x86_64)
• Automatic Windows filesystem redirector handling (Wow64)
• Long-term roadmap: move more resources to core and out of ‘windows’ cookbook
Windows-Only Cookbooks
• By Chef:
• 7-zip
• iis
• powershell
• sql_server
• webpi
• windows
• wix
Windows Community Cookbooks
• ms_dotnet2 / 4 / 45
• windows_ad (by TAMU)
• msoffice
• azure
registry_key example
# Set system's proxy settings to be the same as used for Chef
proxy = URI.parse(Chef::Config[:http_proxy])

registry_key 'HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings' do
  # Each value needs a :type; registry_key uses :dword and :string, as in the OEMInformation example.
  values [{:name => 'ProxyEnable', :type => :dword, :data => 1},
          {:name => 'ProxyServer', :type => :string, :data => "#{proxy.host}:#{proxy.port}"},
          {:name => 'ProxyOverride', :type => :string, :data => '<local>'}]
  action :create
end
powershell_script example
powershell_script "rename hostname" do
  code <<-EOH
    $computer_name = Get-Content env:computername
    $new_name = 'test-hostname'
    $sysInfo = Get-WmiObject -Class Win32_ComputerSystem
    $sysInfo.Rename($new_name)
  EOH
end
Registry Helpers
• Resources like powershell_script are not idempotent by default
• We provide some helpers for checking the registry:
• registry_data_exists?
• registry_get_subkeys
• registry_get_values
• registry_has_subkeys?
• registry_key_exists?
• registry_value_exists?
Version Helpers
• Methods on Chef::ReservedNames::Win32
• :windows_8_1?, :windows_server_2012_r2?, :windows_8?, :windows_server_2012?, etc.
• :marketing_name
• :cluster?, :core?, :datacenter?
Example Usage
require 'chef/win32/version'
windows_version = Chef::ReservedNames::Win32::Version.new

if (windows_version.windows_server_2008_r2? || windows_version.windows_7?) && windows_version.core?
  # Server 2008 R2 Core does not come with .NET or Powershell 2.0 enabled
  # ... install Powershell 2.0 here
end
• https://github.com/juliandunn/ms_dotnet2/blob/master/recipes/default.rb
Special File/Directory Handling
• Parameters that don’t make sense are ignored
• DOMAIN\user, DOMAIN\group work
• Filesystem ACLs are different on Windows
• mode parameter semantics
• rights parameter only for Windows
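An added example, not from the original slides: because the rights parameter turns into Windows ACL entries, a recipe review can list every grant that gives a broad group write-class access. The policy lists, the sample recipe text (modeled on the demo recipe) and the `CORP\Users` path entry are constructed assumptions.

```ruby
# Audit `rights` grants in Chef recipe text (plain Ruby, no Chef required).
# Assumption: these principals count as "broad", these rights as write-class.
BROAD_PRINCIPALS = %w[Everyone Users IIS_IUSRS].freeze
WRITE_RIGHTS     = %i[write modify full_control].freeze

RESOURCE_RE = /^\s*(?:directory|file|cookbook_file|remote_file|template)\b.*\bdo\b/
RIGHTS_RE   = /\brights\s+:(\w+)\s*,\s*(['"])(.+?)\2/

# Returns one hash per grant that gives a broad principal a write-class right.
def risky_grants(recipe_text)
  resource = nil
  findings = []
  recipe_text.each_line.with_index(1) do |line, lineno|
    next if line.lstrip.start_with?('#')           # ignore commented-out code
    resource = line.strip if line.match?(RESOURCE_RE)
    line.scan(RIGHTS_RE) do |perm, _quote, principal|
      account = principal.split('\\').last         # DOMAIN\group -> group
      next unless WRITE_RIGHTS.include?(perm.to_sym)
      next unless BROAD_PRINCIPALS.any? { |p| p.casecmp?(account) }
      findings << { line: lineno, resource: resource,
                    permission: perm.to_sym, principal: principal }
    end
  end
  findings
end

# Constructed sample input; not the original cookbook.
SAMPLE_RECIPE = <<~'RECIPE'
  %w{App_Data bin Plugins}.each do |d|
    directory win_friendly_path(::File.join(approot, 'nopCommerce', d)) do
      rights :modify, 'IIS_IUSRS'
    end
  end
  directory node['nopcommerce']['siteroot'] do
    rights :read, 'IIS_IUSRS'
    recursive true
  end
  cookbook_file "#{system32_path}\\oemlogo.bmp" do
    rights :read, "Everyone"
  end
  file 'C:\inetpub\shared\upload.log' do
    rights :full_control, 'CORP\Users'
  end
RECIPE

risky_grants(SAMPLE_RECIPE).each do |f|
  puts "line #{f[:line]}: #{f[:permission]} for #{f[:principal]} in `#{f[:resource]}`"
end
```

Read-only grants pass; each finding is a prompt to check whether the application really needs to change that path at run time.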
The ‘windows’ Cookbook
• The windows cookbook includes a number of resources and providers, and helper libraries.
• See https://github.com/opscode-cookbooks/windows for a full list
• Highlights:
• windows_auto_run
• windows_feature
• windows_package
• windows_path
• windows_reboot
• windows_zipfile
• Other: windows_printer, windows_printer_port, windows_task
Windows Report Handlers
• Windows cookbook:
• WindowsRebootHandler
• windows_reboot resource
• windows::reboot_handler recipe
• Eventlog cookbook:
• Send Chef output to Windows Event Log
Desired State Configuration (DSC)
• New in Windows 2012R2 / WMF4
• “Chef-like” declarative system
• Compiles to intermediate format (MOF)
• Provides reliable automation hooks into Windows
Potential DSC Integration
dsc_resource 'IIS' do
  name 'Webserver'
  resource :component
  action :install
end
• 1:1 mapping DSC resources to Chef resources
• Challenges: DSC transactional, Chef is not
• Thoughts? See me after
Windows Roadmap 2014
• Moar resources in core chef-client
• Package (e.g. msi), feature, reboot, etc.
• PowerShell DSC resource integration
• Easy WinRM setup, bootstrap
• Cookbooks: WSUS, AD, Group Policy, etc.
• Miscellaneous: Anonymous Resource RFC
• http://tinyurl.com/anonymous-resource-rfc
Testing on Windows
As a Host
• Berkshelf, Test-Kitchen, ChefSpec work on Windows
• You need Git Bash or a UNIX-like environment
As a Guest
• vagrant-windows
• Monkeypatch to Vagrant to support WinRM
• Works adequately, but fragile
• Packer images to generate Windows VMs
• https://github.com/misheska/basebox-packer
• ServerSpec supports Windows, but limited assertions
Questions?
• Much more than what’s shown here!
• Questions?
• Thank you!
• E: [email protected]
• W: www.getchef.com
• T: @julian_dunn
• G: github.com/juliandunn