[chef] RE: RE: RE: Re: RE: RE: RE: Re: RE: Re: Idempotent IIS


  • From: Adam Edwards
  • To: Kenneth Barry
  • Subject: [chef] RE: RE: RE: Re: RE: RE: RE: Re: RE: Re: Idempotent IIS
  • Date: Mon, 24 Feb 2014 11:52:59 -0800

Kenneth, currently guard expressions that use strings (i.e. not_if followed by a string, not curly braces) are executed as batch scripts via cmd.exe (this cmd.exe thing is something I am proposing we change, see pointers to an RFC earlier in the thread if you are interested in that side conversation). So you do need to have powershell.exe in the path – it should already be there since Windows ships that way (and if you install powershell it will add it to the path).

 

You could also look at Kapil’s solution since it is working for him – it essentially does the same thing as my example, but runs the powershell script code outside the context of the resource, assigns the value to a Ruby variable, and then evaluates that variable in the not_if guard as a Ruby expression rather than a script to be interpreted by cmd.exe.

 

-Adam

 

From: Kenneth Barry
Sent: Monday, February 24, 2014 10:31 AM
Subject: Re: [chef] RE: RE: Re: RE: RE: RE: Re: RE: Re: Idempotent IIS

 

not_if 'powershell -noninteractive -noprofile -command "exit [int32]((Get-WindowsFeature -Name Web-Server) -eq $null)"'


As I read this, it will not perform the code (configure IIS) if there is no Windows feature named Web-Server.

I see the context.

Thanks for the feedback, I am going to give this a shot. not_if figures out the context required to run the command? Do I need to have powershell.exe's location in my environment path? Sorry for the new question, there may be a lot of "granted" knowledge from a little experience that I still lack.

 

 

On Mon, Feb 24, 2014 at 10:13 AM, Kapil Shardha wrote:

Adam,

 

The example that I suggested (with powershell_out) worked for me.

 

-Kapil

 

 

 

From: Adam Edwards
Sent: Monday, February 24, 2014 1:09 PM
Subject: [chef] RE: Re: RE: RE: RE: Re: RE: Re: Idempotent IIS

 

Kenneth, I would start with Kapil’s example below (Kapil, did you verify that it worked for you?). Here’s the full context of my example, which was not about iis, but about setting execution policy:

 

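# Sets x64 execution policy to remote signed, but only if it’s not already set
powershell_script "set execution policy" do
  code "set-executionpolicy remotesigned"
  # Inner single quotes are escaped for Ruby; -ne makes the command exit 0
  # (guard true, resource skipped) when the policy is already RemoteSigned
  not_if 'powershell -noninteractive -noprofile -command "exit [int32]((Get-ExecutionPolicy) -ne \'RemoteSigned\')"'
end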

 

So the approach is to use the exit command in PowerShell to set a non-zero (i.e. failed) process exit code when we identify a condition in which the resource should run. The non-zero exit code is interpreted by not_if as “false,” and therefore the resource will be executed. See this part of the docs for more on how “guard” expressions like not_if can be used to provide idempotence where needed: http://docs.opscode.com/resource_common.html.

 

-Adam
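
An added example, not from the thread or from Chef itself: `exit [int32](<condition>)` exits 1 when the condition is true, while a string guard treats exit code 0 as true, so the sense of the test is easy to get backwards. The Ruby below models that mapping and wraps a PowerShell condition so that true maps to exit 0; `ps_guard`, `resource_runs?` and the other helper names are hypothetical.

```ruby
# Added example; helper names are hypothetical and this is not Chef's own code.
PS_PREFIX = 'powershell -noninteractive -noprofile -command'.freeze

# Build a string guard from a PowerShell boolean expression so that
# $true exits 0 (guard true) and $false exits 1 (guard false).
# The expression sits inside a double-quoted cmd.exe argument, so double
# quotes in it are rejected instead of silently breaking the quoting.
def ps_guard(expression)
  raise ArgumentError, 'expression must not contain double quotes' if expression.include?('"')
  %(#{PS_PREFIX} "if (#{expression}) { exit 0 } else { exit 1 }")
end

# How a string guard decides: exit code 0 means the guard is true.
def resource_runs?(guard, exit_code)
  guard_true = exit_code.zero?
  case guard
  when :not_if  then !guard_true
  when :only_if then guard_true
  else raise ArgumentError, "unknown guard #{guard.inspect}"
  end
end

# `exit [int32](<bool>)`: $true casts to 1, $false to 0.
def int32_exit(condition)
  condition ? 1 : 0
end

# Exit code of the command built by ps_guard.
def wrapped_exit(condition)
  condition ? 0 : 1
end

# not_if decisions for the condition "policy is already RemoteSigned".
def decision_table
  [true, false].map do |already_set|
    { already_set: already_set,
      int32_cast_runs: resource_runs?(:not_if, int32_exit(already_set)),
      wrapped_runs: resource_runs?(:not_if, wrapped_exit(already_set)) }
  end
end

# In a recipe (requires Chef, so shown as a comment):
#   powershell_script 'set execution policy' do
#     code 'Set-ExecutionPolicy RemoteSigned'
#     not_if ps_guard("(Get-ExecutionPolicy) -eq 'RemoteSigned'")
#   end
```
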

 

From: Kenneth Barry
Sent: Monday, February 24, 2014 9:58 AM
Subject: [chef] Re: RE: RE: RE: Re: RE: Re: Idempotent IIS

 

Adam, re: the example:

not_if 'powershell -noninteractive -noprofile -command "exit [int32]((Get-ExecutionPolicy) -ne \'RemoteSigned\')"'

I'm new enough to chef to see how this works, but not see where I would "place it".

I've never used nor seen a not_if. Do you have a link to an expanded use-case example?

 

On Fri, Feb 21, 2014 at 12:13 PM, Kapil Shardha wrote:

That is a good idea! I was suggesting something like this:

 

 

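# ---------- 1. Install IIS Role, if not already installed ----------
# Runs when the recipe is compiled: outputs 1 if the Web-Server feature
# exists but is not installed, otherwise 0
script = <<-EOF
  $x = Get-WindowsFeature -name "Web-Server"
  $status = 0
  if($x -ne $null)
  {
    $installed = $x.Installed
    if($installed -eq $false)
    {
      $status = 1
    }
    else
    {
      $status = 0
    }
  }
  return $status
EOF

cmd = powershell_out(script)

# strip removes the trailing line ending from the PowerShell output
x = cmd.stdout.strip

powershell_script "Install_IIS" do
  code <<-EOH
    Install-WindowsFeature -name "Web-Server" -IncludeManagementTools -IncludeAllSubFeature
  EOH
  # Ruby block guard: install only when the check above reported 1
  only_if { x == '1' }
end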

 

 

-Kapil

 

 

 

 

 

 

From: Adam Edwards
Sent: Friday, February 21, 2014 3:09 PM
Subject: [chef] RE: RE: Re: RE: Re: Idempotent IIS

 

Seems like you can do this without powershell_out – you can coerce powershell to return an exit code using the exit command in powershell – here’s an example:

 

  not_if 'powershell -noninteractive -noprofile -command "exit [int32]((Get-ExecutionPolicy) -ne \'RemoteSigned\')"'

 

The above guard will cause the resource to not execute if powershell’s execution policy is set to remotesigned.

 

Somewhat related, here is a proposal to make it easier to use powershell and other script resources in guard expressions:

 

https://github.com/opscode/chef-rfc/blob/adamed/resource-guard/rfc0001-resource-guard.md

 

-Adam

 

From: Kapil Shardha
Sent: Friday, February 21, 2014 12:02 PM
Subject: [chef] RE: Re: RE: Re: Idempotent IIS

 

Chef resources do not return a value (as far as I know). You will have to use “powershell_out” to check for a certain condition, and based on what it returns you can trigger the iis_config resource.

 

-Kapil

 

 

From: Kenneth Barry
Sent: Friday, February 21, 2014 2:58 PM
Subject: [chef] Re: RE: Re: Idempotent IIS

 

Can I use powershell to check the settings, but if the powershell indicates they are different than what they should be, have the iis cookbook sections run again?

Something like

powershell_script "checking setting #1"

(check if settings are the same)

iis_config

only do this if "checking setting #1" returned false.

This is more of a capability/syntax question.

 

On Fri, Feb 21, 2014 at 11:54 AM, Kapil Shardha wrote:

I ran into the same issue when I started using the IIS cookbook. I had to write my own cookbook with a powershell script in it to do the job. I used guards to ensure idempotency.

 

Kapil



-------- Original message --------
From: Stephen Nelson-Smith
Date: 02/21/2014 2:37 PM (GMT-05:00)
Subject: [chef] Re: Idempotent IIS

Hi,

 

On 21 February 2014 19:31, Kenneth Barry wrote:

 

Question:

How are (those of you who are working in Windows/IIS) ensuring idempotent recipes for configuring IIS?

 

On occasions where the community cookbook doesn't provide idempotent resources, I call out to powershell, and add a guard where needed.

S.




--
Stephen Nelson-Smith,
Founder, Principal Consultant,
Atalanta Systems Ltd,
Web: http://agilesysadmin.net
Twitter: @lordcope
Skype: atalanta.systems
Direct: +44 (0) 1329 550203
Mobile: +44 (0) 7917 101919

Atalanta Systems: The Agile Infrastructure Enablers
http://atalanta-systems.com

 



This email and any accompanying documents may contain privileged or otherwise confidential information of, and/or is the property of Education Management Solutions, Inc. If you are not the intended recipient, please immediately advise the sender by reply email & delete the message & any attachments without using, copying or disclosing the contents. Thank you.

 

 




 



