[chef] RE: Installing a package from a password-protected UNC share


Chronological Thread 
  • From: Kevin Keane Subscription < >
  • To: < >
  • Subject: [chef] RE: Installing a package from a password-protected UNC share
  • Date: Sat, 2 Feb 2013 20:56:32 -0800
  • Domainkey-signature: a=rsa-sha1; c=nofws; d=sendgrid.info; h=subject :from:to:mime-version:content-type:in-reply-to:references :sender; q=dns; s=smtpapi; b=Oh3MyT67Y5voZ6Az1qzYQgJINlsIGP3VaFH u/y6b3lbRbEY7308xl05IrgEdOpLIqHgJnsx0E87Yf6mB6KhSuQMXlDr8L0QTbGv DtqnoCn7x/XDhO4S3GIEaIhDvm/qjFuqHnCqmCYkAirb7FCA1YsQNHxgPWPMAXO4 mlHqqOV8=

Title: RE: [chef] Installing a package from a password-protected UNC share

Are you working in a domain environment? If not, can you set one up (a Samba-based NT domain should be just fine. Active Directory is better of course)?

 

With a domain, the computer itself will have a domain account, and you can add computers to the permissions for a share the same way you can give users permissions. I'd recommend creating a group that contains all your computers, and then giving that group permissions on your share.
 

-----Original message-----
From: Andrea Campi < >
Sent: Thu 01-31-2013 05:00 am
Subject: [chef] Installing a package from a password-protected UNC share
To: ;
Ohai Chefs,
 
I'm seeking help from those of you who have more Windows-fu than I.
 
I need to install some software from a Windows share.
Unfortunately there doesn't seem to be a way to specify username and password in a UNC path and give that to either the windows_service or remote_file resource. Or is there?
 
 
Failing that, we tried something like this:
 
execute "mount share #{drive}" do
  command "net use #{drive}: #{path} /user:#{username} #{password} /persistent:No"
end

windows_package "Symantec Anti-Virus" do
  source "#{drive}:\\#{node['symantec-antivirus']['installer']['arch_file']}"
  options "/qn ALLUSERS=1 REBOOT=ReallySuppress"

  action :install
end

execute "unmount share #{drive}" do
  command "net use /d #{drive}:"
end
 
 
This sucks in many ways (deciding which drive letter to use is tricky, any failure will leave mapped drives around, …).
 
Worse, it doesn't work when chef-client is run a service!
 
STDERR: System error 1312 has occurred.

A specified logon session does not exist. It may already have been terminated.
 
 
Googling about this stuff, it seems there is a way around this error by using a PSEXEC.EXE, but I would rather avoid that is possible.
 
Thoughts?
 
Andrea
 



Archive powered by MHonArc 2.6.16.

§