Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Cooking with Chef on Windows: 2015 Edition


Published on

Talk at CfgMgmtCamp 2015

Published in: Internet

Cooking with Chef on Windows: 2015 Edition

  1. 1. Cooking with Chef on Windows The 2015 Edition Julian Dunn Product Manager Chef Software, Inc.
  2. 2. 2015 Changelog • ChefDK • Azure extension • Reboot handling • Windows package • Event log • Desired State Configuration • Test Kitchen on Windows (guest/host) • Pester • PoSHChef
  3. 3. Challenges to Chef on Windows • No real package manager • Many COTS vendors don’t understand automation • UAC (User Access Control) • WinRM Quotas • Win32 Redirector • Not all preferences/state stored in registry • Reboots • Some commands over WinRM behave differently • Other annoyances (KB2773898, KB2918614, KB2842230) •
  4. 4. Windows =< 2012? • WinRM Memory Quota Hotfix required: •
  5. 5. Automating a .NET Application
  6. 6. Resources Automated in the Demo • Installing Windows Features and Roles • IIS app pool • IIS site • IIS app • Registry settings • Deploying files onto the system • Unzipping files • Windows filesystem rights management
  7. 7. Provisioning with Chef 1. Upload content (cookbooks, roles, etc.) 2. Request VM 3. Create VM, install Azure and Chef agents 4. Register with Chef server 5. Execute run_list
  8. 8. Provisioning with Chef on Azure $ knife azure server create --azure-source-image --bootstrap-protocol cloud-api --winrm-user chef --winrm-password DELETED --azure-dns-name DELETED -r "role[base-windows], role[fourthcoffee-classic]" ........... Waiting for virtual machine to reach status 'provisioning'............vm state 'provisioning' reached after 2.6 minutes. Waiting for virtual machine to reach status 'ready'..........................vm state 'ready' reached after 6.23 minutes. . DNS Name: VM Name: DELETED Size: Medium Azure Source Image: Azure Service Location: East US Public Ip Address: XXXXXXXX Private Ip Address: YYYYYYYY WinRM Port: 5985 Environment: _default
  9. 9. Provisioning with Chef on Azure Waiting for Resource Extension to reach status 'wagent provisioning'.... Resource extension state 'wagent provisioning' reached after 0.03 minutes. Waiting for Resource Extension to reach status 'installing'.................... Resource extension state 'installing' reached after 2.17 minutes. Waiting for Resource Extension to reach status 'provisioning'.................................... Resource extension state 'provisioning' reached after 4.33 minutes. Waiting for Resource Extension to reach status 'ready'.................... Resource extension state 'ready' reached after 2.16 minutes. . DNS Name: VM Name: DELETED Size: Medium Azure Source Image: Azure Service Location: East US Public Ip Address: XXXXXX Private Ip Address: YYYYYY WinRM Port: 5985 Environment: _default Runlist: ["role[base-windows]", "role[fourthcoffee-classic]"]
  10. 10. Welcome to Fourth Coffee Corporation of Seattle
  11. 11. The Man Behind the Curtain windows_feature 'IIS-WebServerRole' do action :install end # Pre-requisite features for IIS-ASPNET45 that need to be installed first, in this order. %w{IIS-ISAPIFilter IIS-ISAPIExtensions NetFx3ServerFeatures NetFx4Extended-ASPNET45 IIS-NetFxExtensibility45}.each do |f| windows_feature f do action :install end end windows_feature 'IIS-ASPNET45' do action :install end
  12. 12. More Code… remote_directory node['fourthcoffee']['install_path'] do source 'fourthcoffee' action :create end iis_pool 'FourthCoffee' do runtime_version '4.0' action :add end iis_site 'FourthCoffee' do protocol :http port 80 path node['fourthcoffee']['install_path'] application_pool 'FourthCoffee' action [:add,:start] end
  13. 13. Other Code I Use… system32_path = node['kernel']['machine'] == 'x86_64' ? 'C:WindowsSysnative' : 'C:WindowsSystem32' cookbook_file "#{system32_path}oemlogo.bmp" do source node['windowshacks']['oeminfo']['logofile'] rights :read, "Everyone" action :create end registry_key 'HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionOEMInformation' do values [{:name => 'Logo', :type => :string, :data => 'C:WindowsSystem32oemlogo.bmp'}, {:name => 'Manufacturer', :type => :string, :data => node['windowshacks']['oeminfo']['manufacturer']}, {:name => 'SupportHours', :type => :string, :data => node['windowshacks']['oeminfo']['supporthours']}, {:name => 'SupportPhone', :type => :string, :data => node['windowshacks']['oeminfo']['supportphone']}, {:name => 'SupportURL', :type => :string, :data => node['windowshacks']['oeminfo']['supporturl']}] action :create end
  14. 14. ^ 64 sys
  15. 15. The Result
  16. 16. Chef Resources on Windows
  17. 17. Cross-Platform • file, remote_file, cookbook_file, template • directory, remote_directory • user, group • mount (can take CIFS paths) • env • service • execute • ruby_block • reboot (new this year)
  18. 18. Reboot Resource reboot "now" do action :nothing reason "Cannot continue Chef run without a reboot." delay_mins 2 end
  19. 19. Windows-Specific • registry_key • powershell_script • batch • service resource can handle :automatic, :delayed (new in 2015) • windows_package (new in 2015) • Automatic architecture handling (:i386 vs. :x86_64) • Automatic Windows filesystem redirector handling (Wow64) • Auto-detection of :guard_interpreter
  20. 20. Guard Interpreter • Older (pre-12) versions of Chef always used sh or cmd to execute guards (not_if/only_if) • Didn't make a lot of sense: powershell_script "hello" do code "…" # powershell code here not_if { … } # guard used to run as cmd.exe! end
  21. 21. Guard Interpreter (continued) • Chef 12: sensible defaults for guard interpreter • powershell_script uses PowerShell • batch uses CMD.EXE • Override as desired • guard_interpreter :bash, :batch, :powershell_script, etc. etc.
  22. 22. Windows Helpers registry_data_exists? registry_get_subkeys registry_get_values registry_has_subkeys? registry_key_exists? registry_value_exists?
  23. 23. System Helpers on Chef::ReservedNames::Win32 :windows_8_1? :windows_server_2012_r2? :windows_8? :windows_server_2012? etc. :marketing_name :cluster? :core? :datacenter?
  24. 24. Special File and Directory Handling • Parameters that don’t make sense are ignored • DOMAINuser, DOMAINgroup work • Filesystem ACLs are different on Windows • mode parameter semantics • rights parameter only for Windows
  25. 25. Native Event Logging in Chef Client 12
  26. 26. Desired State Configuration Native declarative state management on Windows
  27. 27. PowerShell DSC: The Future of Automation "DSC represents a significant break in administration, because it asks … administrators to not actually configure anything themselves. Instead, DSC asks administrators to describe, in fairly simple text files, how they would like a computer to be configured. The computer, in turn, reads that text file, and configures itself accordingly." - The DSC Book, Don Jones & Steve Murawski
  28. 28. Aren't DSC and Chef Competitors? • As PerfMon is to Solarwinds, DSC is to Chef • DSC provides automation primitives that Chef recipes can call • It deliberately lacks the ecosystem: • Content distribution • Cross-platform support • Monitoring/logging/analytics • However, it brings a standard base for automation to Windows • No MSFT product in the future may ship without DSC modules!
  29. 29. Example DSC Code Configuration FourthCoffee { # Install the IIS role WindowsFeature IIS { Ensure = "Present" Name = "Web-Server" } # Install the ASP .NET 4.5 role WindowsFeature AspNet45 { Ensure = "Present" Name = "Web-Asp-Net45" } ... } dsc_resource 'webserver' do resource_name :windowsfeature property :name, 'Web-Server' property :ensure, 'Present' end dsc_resource 'dotnet45' do resource_name :windowsfeature property :name, 'Web-Asp-Net45' property :ensure, 'Present' end
  30. 30. Testing Chef Infracode on Windows
  31. 31. Chef Development Kit (ChefDK) • Obviates need to build your own Ruby development environment • One-click, instant prescriptive workflow for infrastructure coding • Code linting • Unit testing • Acceptance testing • Test Kitchen • … bring your own hypervisor.
  32. 32. Test Kitchen Support on Windows • Hard at work – releasing soon! • Windows guests (with or without Windows host) • Working bundle: • Where to get Windows box images?
  33. 33. Test Kitchen on Windows Demo fourthcoffee ~$ kitchen test default-windows-2012R2 --destroy=never -----> Starting Kitchen (v1.3.0) -----> Cleaning up any prior instances of <default-windows-2012R2> -----> Testing <default-windows-2012R2> -----> Creating <default-windows-2012R2>... Bringing machine 'default' up with 'virtualbox' provider... ==> default: Importing base box 'win2012r2-datacenter-chef11.16.2'... Vagrant instance <default-windows-2012R2> created. Finished creating <default-windows-2012R2> (2m57.54s). -----> Converging <default-windows-2012R2>... -----> Chef Omnibus installation detected (true) Transferring files to <default-windows-2012R2> Concurrent threads set to :max_threads => 2 [2014-10-13T19:16:36-07:00] INFO: Starting chef-zero on host localhost, port 8889 with repository at repository at C:/tmp/kitchen One version per cookbook [2014-10-13T19:16:40-07:00] INFO: *** Chef 11.16.2 *** [2014-10-13T19:16:40-07:00] INFO: Chef-client pid: 1656
  34. 34. Test Kitchen on Windows Demo [2014-10-13T19:19:10-07:00] INFO: Chef Run complete in 142.572914 seconds [2014-10-13T19:19:10-07:00] INFO: Running report handlers [2014-10-13T19:19:10-07:00] INFO: Report handlers complete Finished converging <default-windows-2012R2> (22m55.08s). -----> Setting up <default-windows-2012R2>... -----> Running postinstall for serverspec plugin Finished setting up <default-windows-2012R2> (0m45.62s). -----> Verifying <default-windows-2012R2>... -----> Running serverspec test suite Windows feature "IIS-WebServer" should be installed Port "80" should be listening File "C:inetpubFourthCoffeeDefault.cshtml" should be file Finished in 13.41 seconds (files took 0.48432 seconds to load) 3 examples, 0 failures Finished verifying <default-windows-2012R2> (0m22.73s). Finished testing <default-windows-2012R2> (27m11.16s). -----> Kitchen is finished. (27m12.60s)
  35. 35. Windows Roadmap for 2015 • Import DSC resources into core • Importing more resources from windows cookbook • AD, GPO, WSUS client/server cookbooks • Performance on Windows
  36. 36. Q&A julian_dunn juliandunn