Kenneth, currently guard expressions that use strings (i.e. not_if followed by a string, not curly braces) are executed as batch scripts via cmd.exe (this cmd.exe thing is something I am proposing we change, see pointers to an RFC earlier in the thread if you are interested in that side conversation). So you do need to have powershell.exe in the path – it should already be there since Windows ships that way (and if you install powershell it will add it to the path).
You could also look at Kapil’s solution since it is working for him – it essentially does the same thing, as my example, but runs the powershell script code outside the context of the resource, assigns the value to a Ruby variable, and then evaluates that variable in the not_if guard as a Ruby _expression_ rather than a script to be interpreted by cmd.exe.
-Adam
From: Kenneth Barry [mailto:
">
]
Sent: Monday, February 24, 2014 10:31 AM To:
">
Cc:
">
Subject: Re: [chef] RE: RE: Re: RE: RE: RE: Re: RE: Re: Idempotent IIS
not_if 'powershell -noninteractive -noprofile -command "exit [int32]((Get-WindowsFeature –Name Web-Server) -eq $null)"’
As i read this is will not perform the code ( configure iis) if there is no windows feature names web-server..
Thanks for the feedback, I am going to give this a shot. not_if figures out the context required to run the command? Do i need to have powershell.exe's location in my environment path? Sorry for the new question, there may be a lot of "granted" knowledge from a little experience that I still lack.
On Mon, Feb 24, 2014 at 10:13 AM, Kapil Shardha <
" target="_blank">
> wrote:
Adam,
The example that I suggested (with powershell_out) worked for me.
Kenneth, I would start with Kapil’s example below (Kapil, did you verify that it worked for you?). Here’s the full context of my example, which was not about iis, but about setting execution policy:
# Sets x64 execution policy to remote signed, but only if it’s not already set
powershell_script "set execution policy" do
code "set-executionpolicy remotesigned" not_if 'powershell -noninteractive -noprofile -command "exit [int32]((Get-ExecutionPolicy) -eq 'RemoteSigned')"'
end
So the approach is to use the exit command in PowerShell to set a non-zero (i.e. failed) process exit code when we identify a condition in which the resource should run. The non-zero exit code is interpreted by not_if as “false,” and therefore the resource will be executed. See this part of the docs for more on how “guard” expressions like not_if can be used to provide idempotence where needed: http://docs.opscode.com/resource_common.html.
-Adam
From: Kenneth Barry [mailto:
" target="_blank">
]
Sent: Monday, February 24, 2014 9:58 AM To:
" target="_blank">
Subject: [chef] Re: RE: RE: RE: Re: RE: Re: Idempotent IIS
Adam, re: the example:
not_if 'powershell -noninteractive -noprofile -command "exit [int32]((Get-ExecutionPolicy) -eq 'RemoteSigned')"'
I'm new enough to chef to see how this works, but not see where i would "place it".
I've never used nor seen a not_if. Do you have a link to an exanded use-case example?
On Fri, Feb 21, 2014 at 12:13 PM, Kapil Shardha <
" target="_blank">
> wrote:
That is a good idea! I was suggesting something like this:
# ---------- 1. Install IIS Role, if not already installed ----------
script =<<-EOF
$x = Get-WindowsFeature -name "Web-Server"
$status = 0 if($x -ne $null)
{ $installed = $x.Installed
if($installed -eq $false)
{ $status = 1
} else
{ $status = 0
}
} return $status
EOF
cmd = powershell_out(script)
x = cmd.stdout.chop
powershell_script "Install_IIS" do
code <<-EOH
Install-WindowsFeature -name "Web-Server" -IncludeManagementTools -IncludeAllSubFeature
EOH
only_if { x == '1' } end
-Kapil
Seems like you can do this without powershell_out – you can coerce powershell to return an exit code using the exit command in powershell – here’s an example:
not_if 'powershell -noninteractive -noprofile -command "exit [int32]((Get-ExecutionPolicy) -eq 'RemoteSigned')"'
The above guard will cause the resource to not execute if powershell’s execution policy is set to remotesigned.
Somewhat related, here is a proposal to make it easier to use powershell and other script resources in guard expressions:
https://github.com/opscode/chef-rfc/blob/adamed/resource-guard/rfc0001-resource-guard.md
-Adam
Chef resources do not return a value (as far as I know). You will have to use “powershell_out” to check for certain condition and based on what it returns you can trigger the iis_config resource.
-Kapil
From: Kenneth Barry [
" target="_blank">mailto:
]
Sent: Friday, February 21, 2014 2:58 PM To:
" target="_blank">
Subject: [chef] Re: RE: Re: Idempotent IIS
Can I use powershell to check the settings, but if the powershell indicates they are different than what they should be, have the iis cookbook sections run again?
Something like powershell_script "checking setting #1" (check if settings are the same)
iis_config only do this is "checking setting #1" returned false. This is more of a capability/syntax question.
On Fri, Feb 21, 2014 at 11:54 AM, Kapil Shardha <
" target="_blank">
> wrote:
I ran into same issue when I started using IIS cookbook. I had to write my own cookbook with powershell script in it to do the job.I used guards to ensure idempotency.
-------- Original message -------- From: Stephen Nelson-Smith
Date:02/21/2014 2:37 PM (GMT-05:00) To:
" target="_blank">
Subject: [chef] Re: Idempotent IIS
Hi,
On 21 February 2014 19:31, Kenneth Barry <
" target="_blank">
> wrote:
How are (those of you who are working in Windows/IIS), ensuring Idempotent Recipes for configuring IIS? On occasions where the community cookbook doesn't provide idempotent resources, I call out to powershell, and add a guard where needed.
-- Stephen Nelson-Smith, Founder, Principal Consultant, Atalanta Systems Ltd, Web: http://agilesysadmin.net
Twitter: @lordcope Skype: atalanta.systems Direct: +44 (0) 1329 550203 Mobile: +44 (0) 7917 101919
Atalanta Systems: The Agile Infrastructure Enablers http://atalanta-systems.com
This email and any accompanying documents may contain privileged or otherwise confidential information of, and/or is the property of Education Management Solutions, Inc. If you are not the intended recipient, please immediately advise the sender by reply email & delete the message & any attachments without using, copying or disclosing the contents. Thank you.
This email and any accompanying documents may contain privileged or otherwise confidential information of, and/or is the property of Education Management Solutions, Inc. If you are not the intended recipient, please immediately advise the sender by reply email & delete the message & any attachments without using, copying or disclosing the contents. Thank you.
This email and any accompanying documents may contain privileged or otherwise confidential information of, and/or is the property of Education Management Solutions, Inc. If you are not the intended recipient, please immediately advise the sender by reply email & delete the message & any attachments without using, copying or disclosing the contents. Thank you.
This email and any accompanying documents may contain privileged or otherwise confidential information of, and/or is the property of Education Management Solutions, Inc. If you are not the intended recipient, please immediately advise the sender by reply email & delete the message & any attachments without using, copying or disclosing the contents. Thank you.
|