I see two issues below:
1. You might try including –scope in your get-executionpolicy – I remember hitting issues without that, and all my cookbooks include this for a very similar scenario
2. I believe the not_if for your 64-bit _expression_ will always run a 32-bit cmd.exe (and powershell.exe) and thus give you a 32-bit answer. You can try using “sysnative” instead of ‘system32’ to get around this (sysnative is doc’d on msdn).
However, I can also think of some other ways to do this – if you’re using Chef 11.12 or later, you can use the guard_interpreter attribute (http://docs.opscode.com/resource_common.html) to write a simpler _expression_ – this one sets 64-bit execution policy to remotesigned:
powershell_script "set execution policy" do
guard_interpreter :powershell_script
code "set-executionpolicy -scope localmachine remotesigned"
not_if "(get-executionpolicy -scope localmachine) -eq 'remotesigned'"
end
The above would handle it for x64, just add architecture to do it for x86 (aka i386) – the guard inherits the i386-ness:
powershell_script "set execution policy" do
guard_interpreter :powershell_script
architecture :i386
code "set-executionpolicy -scope localmachine remotesigned"
not_if "(get-executionpolicy -scope localmachine) -eq 'remotesigned'"
end
-Adam
I’m noticing a really odd behavior with not_if statements on Windows and I was curious if anyone else had run into a similar situation. I’m trying to set powershell execution policy to unrestricted with Chef using the following resources:
execute 'set 64bit powershell execution to unrestricted' do
command '%SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe Set-ExecutionPolicy Unrestricted -Scope LocalMachine -Force'
not_if { `%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.exe Get-ExecutionPolicy`.include?('Unrestricted') }
execute 'set 32bit powershell execution to unrestricted' do
command '%SystemRoot%\syswow64\WindowsPowerShell\v1.0\powershell.exe Set-ExecutionPolicy Unrestricted -Scope LocalMachine -Force'
not_if { `%SystemRoot%\\syswow64\\WindowsPowerShell\\v1.0\\powershell.exe Get-ExecutionPolicy`.include?('Unrestricted') }
The trouble is the resources are always skipped. If I run the following from cmd as the Administrator I get back ‘restricted’ as expected:
%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.exe Get-ExecutionPolicy
If I fire up IRB I get a completely different answer:
irb(main):019:0> `%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.exe Get-ExecutionPolicy`
I noticed that if I echo the architecture in IRB I get 32bit, while I get 64bit back from the command prompt. It seems like I should still back the correct answer since I’m trying to execute against 32bit powershell, but clearly something is wrong here. Any advice?
The information in this message may be confidential. It is intended solely for
the addressee(s). If you are not the intended recipient, any disclosure,
copying or distribution of the message, or any action or omission taken by you
in reliance on it, is prohibited and may be unlawful. Please immediately
contact the sender if you have received this message in error.