To teach is to learn...
...or something along these lines. "How do I manage reboots with chef-client on Windows" is a question I hear every so often.
So, this time around, I decided to buckle down and write down as many ways as I could remember to reboot a server and continue a chef-client run. No mucking around with the run_list, or messing around with multiple run_lists, definitely no manual steps, and most definitely no knife exec.
Here is my brain child - input and feedback are most welcome!
https://github.com/vinyar/chef_win_reboots
In my experience I found a couple of common situations where Windows needs to be defibrillated -
- something has been installed and reboot is needed
- a bunch of somethings have been installed and reboot is needed
- something needs to be installed and a reboot is pending
- a series of somethings needs to be installed and they have various reboot state requirements
- a week has passed since a reboot has been performed
- server joined a domain
With Chef managing your infrastructure there is a new reboot scenario:
- reboot immediately without aborting a chef-client run
The patterns in the Github repo allow users to manage reboots at the resource level, or as a wrapper cookbook pattern.
A real example can be seen in pattern two - which was really the genesis for this repo from way back when - https://github.com/vinyar/chef_win_reboots/blob/master/reboot_demo/recipes/pattern2.rb
Alex,
ReplyDeleteGreat write up. You have every instance of a pending reboot that I can think of except for installing multiple patches with /quite /norestart. I normally zip up the patches and create a .cmd, then call the .cmd from a batch recipe (https://github.com/pigram86/cookbook-w2k8_postsp1hotfixes). At the end of the .cmd, I provide a shutdown /r as {reboot_pending?} doesn't catch it. Also on pattern2.rb, all clients after 11.12 have an issue with RDSH and continuing the run. I insert a windows_task job to create a chef-client every 15 minutes prior to the RDSH section being run. I use this https://github.com/pigram86/cookbook-win_tasks for the win tasks. I have found that its best to use a domain service account to set the task. I use attribute files (one of each domain) for username and passwords, as well as a recipe per domain. Cumbersome, but it works. Without this, I would have to either repair the Client or uninstall/reinstall.
Todd, thanks. I made a few changes to the repo to make usecase clearer. Also, the windows_feature in the windows cookbook allows for easy installations with /noreboot flag out of the box.
ReplyDeleteBTW. I think this may be the first real reply on this blog (achievement unlocked) :p
Alex, I have actually broken this up a bit more thanks to berkshelf. I have a base default server, then the win_task, then the RDSH install, then XenDesktop 7.6 VDA, then applications.
ReplyDeleteexample of default server
if node[:os_version] >= '6.2'
%w{ File-Services CoreFileServer WindowsServerBackup NetFx3ServerFeatures NetFx3 ServerManager-Core-RSAT ServerManager-Core-RSAT-Role-Tools RSAT-AD-Tools-Feature RSAT-ADDS-Tools-Feature }.each do |feature|
windows_feature feature do
action :install
not_if {reboot_pending?}
end
end
else
powershell_script "default" do
code <<-EOH
Import-Module ServerManager
Add-WindowsFeature FS-FileServer
Add-WindowsFeature Backup
Add-WindowsFeature Backup-Tools
Add-WindowsFeature Net-Framework-Core
Add-WindowsFeature Powershell-ISE
Add-WindowsFeature WSRM
Add-WindowsFeature GPMC
Add-WindowsFeature RSAT-AD-Tools
Add-WindowsFeature RSAT-ADDS-Tools
EOH
not_if {reboot_pending?}
end
end
windows_reboot 30 do
reason 'A System Restart has been requested. Rebooting now..'
only_if {reboot_pending?}
end