Wednesday, February 25, 2015

Single chef-client run with multiple reboots on Windows

To teach is to learn...

...or something along these lines. "How do I manage reboots with chef-client on Windows" is a question I hear every so often. 

So, this time around, I decided to buckle down and write down as many ways as I could remember to reboot a server and continue a chef-client run. No mucking around with the run_list, or messing around with multiple run_lists, definitely no manual steps, and most definitely no knife exec.

Here is my brain child - input and feedback are most welcome!

In my experience I found a couple of common situations where Windows needs to be defibrillated -
  • something has been installed and reboot is needed
  • a bunch of somethings have been installed and reboot is needed
  • something needs to be installed and a reboot is pending
  • a series of somethings needs to be installed and they have various reboot state requirements
  • a week has passed since a reboot has been performed
  • server joined a domain

With Chef managing your infrastructure there is a new reboot scenario:
  • reboot immediately without aborting a chef-client run

The patterns in the Github repo allow users to manage reboots at the resource level, or as a wrapper cookbook pattern.

A real example can be seen in pattern two - which was really the genesis for this repo from way back when -

Patterns with cats:


  1. Alex,

    Great write up. You have every instance of a pending reboot that I can think of except for installing multiple patches with /quite /norestart. I normally zip up the patches and create a .cmd, then call the .cmd from a batch recipe ( At the end of the .cmd, I provide a shutdown /r as {reboot_pending?} doesn't catch it. Also on pattern2.rb, all clients after 11.12 have an issue with RDSH and continuing the run. I insert a windows_task job to create a chef-client every 15 minutes prior to the RDSH section being run. I use this for the win tasks. I have found that its best to use a domain service account to set the task. I use attribute files (one of each domain) for username and passwords, as well as a recipe per domain. Cumbersome, but it works. Without this, I would have to either repair the Client or uninstall/reinstall.

  2. Todd, thanks. I made a few changes to the repo to make usecase clearer. Also, the windows_feature in the windows cookbook allows for easy installations with /noreboot flag out of the box.

    BTW. I think this may be the first real reply on this blog (achievement unlocked) :p

  3. Alex, I have actually broken this up a bit more thanks to berkshelf. I have a base default server, then the win_task, then the RDSH install, then XenDesktop 7.6 VDA, then applications.

    example of default server
    if node[:os_version] >= '6.2'
    %w{ File-Services CoreFileServer WindowsServerBackup NetFx3ServerFeatures NetFx3 ServerManager-Core-RSAT ServerManager-Core-RSAT-Role-Tools RSAT-AD-Tools-Feature RSAT-ADDS-Tools-Feature }.each do |feature|
    windows_feature feature do
    action :install
    not_if {reboot_pending?}
    powershell_script "default" do
    code <<-EOH
    Import-Module ServerManager
    Add-WindowsFeature FS-FileServer
    Add-WindowsFeature Backup
    Add-WindowsFeature Backup-Tools
    Add-WindowsFeature Net-Framework-Core
    Add-WindowsFeature Powershell-ISE
    Add-WindowsFeature WSRM
    Add-WindowsFeature GPMC
    Add-WindowsFeature RSAT-AD-Tools
    Add-WindowsFeature RSAT-ADDS-Tools
    not_if {reboot_pending?}

    windows_reboot 30 do
    reason 'A System Restart has been requested. Rebooting now..'
    only_if {reboot_pending?}


Comments are welcomed and appreciated.