|
Hi Adam, Thanks for that, it seems to have helped. Authenticating via AD seems to be working ok. I’m now getting an error saying the dir isn’t there (which is clearly is – I have checked the paths). I think it’s looking for the path on the local system rather that the remote one. I suspect this is me messing up some syntax
J Here is the section out of the recipe: “ # Dll drop filename (in full, no path) # ie fname = "7.1_HF05_Overlay_SAML_fix.zip" fname = "7.1_HF05_Overlay_SAML_fix.zip" path = "file://#{managementServer}/server.installs/dll.drops/#{fname}" remote_file "d:\\installs\\#{fname}" do source path end ” Here is the error: “ remote_file("d:\installs\7.1_HF05_Overlay_SAML_fix.zip") do Win-Node2 provider Chef::Provider::RemoteFile Win-Node2 action "create" Win-Node2 retries 0 Win-Node2 retry_delay 2 Win-Node2 guard_interpreter :default Win-Node2 path "d:\\installs\\7.1_HF05_Overlay_SAML_fix.zip" Win-Node2 backup 5 Win-Node2 atomic_update true Win-Node2 source ["file://ATLQ-CHEF01.airwatch.qa/server.installs/dll.drops/7.1_HF05_Overlay_SAML_fix.zip"] Win-Node2 use_etag true Win-Node2 use_last_modified true Win-Node2 cookbook_name "AW_DLLDrop" Win-Node2 recipe_name "default" Win-Node2 end Win-Node2 [2014-08-06T13:41:36-04:00] FATAL: Stacktrace dumped to c:/chef/cache/chef-stacktrace.out DEBUG: :relay_output_from_backend => ["Win-Node2", "[2014-08-06T13:41:36-04:00] FATAL: Errno::ENOENT: remote_file[d:\\installs\\7.1_HF05_Overlay_SAML_fix.zip] (AW_DLLDrop::default line
28) had an error: Errno::ENOENT: No such file or directory - /server.installs/dll.drops/7.1_HF05_Overlay_SAML_fix.zip\r\n"] ” From: Adam Edwards [mailto:
Hmm – so you are running Chef remotely via WinRM? If that’s the case, you should add credssp to your winrm listener. You can do that with powershell by setting the value below to true: ls WSMan:\localhost\Service\Auth\CredSSP # if that shows false, you can set it to true: si
WSMan:\localhost\Service\Auth\CredSSP $true That should allow your credentials to do one extra hop off the machine. Hi Adam, It’s windows to windows. Only the Chef server is Linux but that has little to do with anything (I think/hope). Without Chef involvement the shares are perfectly accessible, even using the user account that chef client is run as. Firewall is off completely and I’m using AD creds and local creds. When Chef run is performed against the two windows nodes, one will complete successfully (it is the node hosting the share) and the other node
will fail with ‘authentication failed – password incorrect’ (which I think is a catch-all error). The security log of the second node shows authentication error with a null sid. The first node (hosting the share) shows no errors. The security of the D:\installs folder also show effective permissions as full control for both ad login and local account. I’m wondering if it’s something to do with the user that the chef client is run as on each node? Maybe machine localsystem? Does chef-client run with the creds that winrm provides to it or do those creds simply
auth against WinRM and then localsystem takes over? Chef-Client is being run on-demand, it is not installed as a service due to the way we will be using Chef. Thanks Chris Christopher, to clarify a few things here: 1.
Are you copying from a windows machine to a windows machine? Or is one of the systems a Linux system 2.
You’re saying that even without any Chef / Ruby involved you can’t access the share? If those things are true, I’d try the following: 1.
Turn off the firewall 2.
Try using credentials for a local account as well as a domain credentials 3.
Check the security log to see if you get an audit event for a failed logon -Adam Hi Chefs I’m having trouble again
J I’m trying to copy a file from a share on a windows server from a target node via chef. The purpose for it to copy dll drop files from a share and dumped into d:\installs so it can later be unzipped. At the moment I am having issues trying
to connect to the share. I’ve tried running the chef run as a local admin on the target node (which used to work), using AD creds and also a different local account to no avail. The linux server was recently added to our domain, but this was failing before that happened. I’ve tried a batch file mapping a drive then copy, a powershell script doing the same, native ruby and now this remote file resource. Same error everytime, it looks like a permissions error on Windows, but the file share is currently set
full permission to everyone on both Share permissions and filesystem permissions. I’m seeing NULL_SID event log entries where the auth fails, but this is on the target node, not the one that hosts the share. Can any offer anything to look at? Chef server is Ubuntu 14.04 using PBIS to auth via AD (might I need Samba installing now AD is in use for Auth?) Windows nodes are running Server 2008R2 patched up-to-date. All are VM’s. All one the same AD and DNS domain. “myserver DEBUG: :relay_output_from_backend => ["Win-Node2", "================================================================================\r\nError
executing action `create` on resource 'remote_file[d:\\installs\\7.1_HF05_Overlay_SAML_fix.zip]'\r\n================================================================================\r\n\r\nErrno::EACCES\r\n-------------\r\nPermission denied - //targetserver//server.installs//dll.drops//7.1_HF05_Overlay_SAML_fix.zip\r\n\r\nResource
Declaration:\r\n---------------------\r\n# In c:/chef/cache/cookbooks/AW_DLLDrop/recipes/default.rb\r\n\r\n 27: remote_file \"d:\\\\installs\\\\\#{fname}\" do \r\n 28: source \"file:////\#{managementServer}//server.installs//dll.drops//\#{fname}\"\r\n
29: end\r\n 30: \r\n\r\nCompiled Resource:\r\n------------------\r\n# Declared in c:/chef/cache/cookbooks/AW_DLLDrop/recipes/default.rb:27:in `from_file'\r\n\r\nremote_file(\"d:\\installs\\7.1_HF05_Overlay_SAML_fix.zip\") do\r\n provider Chef::Provider::RemoteFile\r\n
action \"create\"\r\n retries 0\r\n retry_delay 2\r\n guard_interpreter :default\r\n path \"d:\\\\installs\\\\7.1_HF05_Overlay_SAML_fix.zip\"\r\n backup 5\r\n atomic_update true\r\n source [\"file:////targetserver//server.installs//dll.drops//7.1_HF05_Overlay_SAML_fix.zip\"]\r\n
use_etag true\r\n use_last_modified true\r\n cookbook_name \"AW_DLLDrop\"\r\n recipe_name \"default\"\r\nend\r\n\r\n"]” Thanks Chris |
Archive powered by MHonArc 2.6.16.