chef - [chef] Server 2012/WinRM3 uses different security?

Subscribers: 1946
Owners
Bryan McLellan
Joshua Timberman
Nathen Harvey
Seth Chisamore
Serdar Sutay

Subscribe
Unsubscribe
Info
Archive

Post

RSS
Shared documents

General discussion about Chef

[chef] Server 2012/WinRM3 uses different security?

From: Nate Fox < >
To:
Subject: [chef] Server 2012/WinRM3 uses different security?
Date: Thu, 23 May 2013 11:39:50 -0700

My question is this: is there a permissions issue of some kind when running chef through WinRM3 that doesnt allow programs to go out to the internet?

I'm trying to use Chef-client 11.4.4 on Server 2012 Std to deploy SQL 2012. I've run into two problems and I believe they're related:

windows_feature "NetFx3" do

action :install

end

This fails as DISM is supposed to go to Microsoft update and download the .Net 3.5.1 files. It works fine if I run

DISM /online /enable-feature /featurename:NetFx3 /norestart

manually through RDP - which is basically what the windows_feature runs. It also fails if I run:

knife winrm 192.168.170.162 'DISM /online /enable-feature /featurename:NetFx3 /norestart' -m -x nfox

(note: NetFx3 relies on NetFx3ServerFeatures which I've made sure is already installed)

If I run

DISM /online /enable-feature /featurename:NetFx3 /norestart /LimitAccess /Source:d:\sources\sxs

through a recipe (with the DVD in), it works. Effectively, this bypasses the need to go online to download the files.

The second problem is SQL Server 2012 setup tries to go online looking for updates during install. If I add the /UpdateEnabled=false switch to the install command, it proceeds. I'm using

windows_package "Microsoft SQL Server 2012 (64-bit)" do

source "\\\\10.200.1.240\\admin\\Installs\\SQL\\SQL2012Std\\setup.exe"

timeout 3600

action :install

installer_type :custom

options "/ConfigurationFile=\"#{node['mssql']['installIni']}\" /SAPWD=\"#{node['mssql']['sapw']}\""

end

In the installIni file, I have a setting of UpdateSource=MU.

I'm running chef via:

knife winrm 192.168.170.145 'chef-client -c c:/chef/client.rb' -m -x nfox

if that makes a difference. I do not have this problem when I run chef-client from an administrator:cmd window in an RDP session. So it seems to be something with WinRM and I'm guessing some kind of security setting?

As a quick test, I ran it on Server 2008 and also got the same error installing SQL:

Setup encountered an unexpected failure when trying to run workflow SEARCHUPDATES.

So apparently its not just Server 2012 like I thought.

[chef] Server 2012/WinRM3 uses different security?, Nate Fox, 05/23/2013
- [chef] Re: Server 2012/WinRM3 uses different security?, Peter Donald, 05/23/2013
  - [chef] Re: Re: Server 2012/WinRM3 uses different security?, David Petzel, 05/23/2013
    - [chef] Re: Re: Re: Server 2012/WinRM3 uses different security?, Adam Edwards, 05/24/2013
      - [chef] Re: Re: Re: Re: Server 2012/WinRM3 uses different security?, David Petzel, 05/24/2013
        
        [chef] Re: Re: Re: Re: Re: Server 2012/WinRM3 uses different security?, Adam Edwards, 05/24/2013
- [chef] Re: Server 2012/WinRM3 uses different security?, Jeppe Nejsum Madsen, 05/24/2013