Develop Reference

Chef - Installing a Windows Package from a Mapped Drive

I am trying to install a package from a mapped drive. However, chef says my source path is an invalid location even though I know it is the correct location. Do I need to map the drive first, before Chef recognizes the source path? I looked online in a couple places and could not find an answer.
case node['platform']
when 'windows'
windows_package 'QualysCloudAgent' do
source '\\Server#\Location1\Qualys_agent\QualysCloudAgent.exe'
options '-argumentlist "CustomerId={etc...etc...etc..} ActivationId={etc...etc..etc...}"'
installer_type :custom
action :install
end
end
The error that I get when the chef client runs is that the source location is in invalid source, even though I can get to the source location by typing it in on the server itself. Any help would be appreciated. Thank you. Error That I receive is below.
* Source for package QualysCloudAgent does not exist
================================================================================
Error executing action `install` on resource 'windows_package[QualysCloudAgent]'
================================================================================
Chef::Exceptions::Package
-------------------------
Source for package QualysCloudAgent does not exist
Resource Declaration:
---------------------
# In c:/chef/cache/cookbooks/qualys/recipes/qualys_configure.rb
18: windows_package 'QualysCloudAgent' do
19: source '\\Server#\Location1\Qualys_agent\QualysCloudAgent.exe'
20: options '-argumentlist "CustomerId={etc...etc...etc...} ActivationId={etc...etc...etc...}"'
21: installer_type :custom
22: action :install
23: end
24: end
Compiled Resource:
------------------
# Declared in c:/chef/cache/cookbooks/qualys/recipes/qualys_configure.rb:18:in `from_file'
windows_package("QualysCloudAgent") do
package_name "QualysCloudAgent"
action [:install]
default_guard_interpreter :default
declared_type :windows_package
cookbook_name "qualys"
recipe_name "qualys_configure"
source "p:\\Server#\\Location1\\qualys_agent\\qualyscloudagent.exe"
options "-argumentlist \"CustomerId={etc...etc...etc...} ActivationId={etc...etc...etc...}\""
installer_type :custom
end
System Info:
------------
chef_version=14.14.25
platform=windows
platform_version=6.3.9600
ruby=ruby 2.5.7p206 (2019-10-01 revision 67816) [x64-mingw32]
program_name=C:/opscode/chef/bin/chef-client
executable=C:/opscode/chef/bin/chef-client
2020-01-12T22:21:50-08:00] INFO: Running queued delayed notifications before re-raising exception
unning handlers:
2020-01-12T22:21:50-08:00] ERROR: Running exception handlers
unning handlers complete
2020-01-12T22:21:50-08:00] ERROR: Exception handlers complete
hef Client failed. 0 resources updated in 14 seconds
2020-01-12T22:21:51-08:00] FATAL: Stacktrace dumped to c:/chef/cache/chef-stacktrace.out
2020-01-12T22:21:51-08:00] FATAL: Please provide the contents of the stacktrace.out file if you file a bug report
2020-01-12T22:21:51-08:00] FATAL: Chef::Exceptions::Package: windows_package[QualysCloudAgent] (qualys::qualys_configur
line 18) had an error: Chef::Exceptions::Package: Source for package QualysCloudAgent does not exist

Since you're installing a package, it's safe to assume you are running chef-client with elevated permissions. Any network drives you map that are visible in Explorer, will not be usable in an elevated process. You will either need to:
Use the UNC path in place of a letter drive
Map the drive during the Chef run (required if the full UNC path would exceed 255 characters)
If you opt for the latter approach, you can use the mount resource to map a network drive.

Chef: Why am I not reading in the attribute value I just set?

I am getting my toes wet with chef at my job and have been tasked with installing making a recipe to install telegraf on our machines with custom configs. Let me also preface this with I have no ruby experience.
Before downloading or installing telegraf I want to verify that the if telegraf exists to only do all the following work if the versions miss match.
So I have attempted to set an attribute during the recipe runtime that other resources will check against.
ruby_block 'get telegraf version' do
block do
#tricky way to load this Chef::Mixin::ShellOut utilities
Chef::Resource::RubyBlock.send(:include, Chef::Mixin::ShellOut)
command = 'C:\\Program Files\\telegraf\\telegraf.exe --version'
command_out = shell_out(command)
node.default['windows']['telegraf']['installed_version'] = 'good'
end
notifies :write, 'log[log_version]', :delayed
action :run
only_if { ::File.exists?('C:\\Program Files\\telegraf\\telegraf.exe')}
end
log 'log_version' do
message node['windows']['telegraf']['installed_version']
level :error
end
When I look at the output though I see
* ruby_block[get telegraf version] action run[2018-07-23T14:48:11-07:00] INFO: Processing ruby_block[get telegraf version] action run (win-telegraf::telegraf line 26)
[2018-07-23T14:48:11-07:00] INFO: ruby_block[get telegraf version] called
- execute the ruby block get telegraf version
* log[log_version] action write[2018-07-23T14:48:11-07:00] INFO: Processing log[log_version] action write (win-telegraf::telegraf line 39)
[2018-07-23T14:48:11-07:00] ERROR:
So why is it when I read node['windows']['telegraf']['installed_version'] that the log prints nothing instead of 'good'?

Chef uses a two-pass loading system, check out https://coderanger.net/two-pass/ for more details. But the tl;dr for this case is that the stuff inside block do ... end runs in the second phase, while the Ruby code for the log resource is evaluated in the first phase. In general you can fix this using the lazy{} helper, but in this case what you probably want is either a custom resource or an Ohai plugin. For "normal" Windows applications, this is all handled by the MSI subsystem and the windows_package resource, but as Telegraf doesn't offer MSI packages you are a bit out of luck. That said, there are packages available for Chocolatey (a Windows packaging system like Mac's Homebrew) so you might want to look into using that instead of writing this yourself.

Adding a sudoers file in chef fails at verification

goal
I'm trying to add/edit a sudoers file in Chef.
After a lot of serach (and broken sudoers) I found this question and the answer seemed to be exactly what I am after.
My cookbook
So in my chef I added the following visudo cookbook:
The recipe: ~/chef-repo/cookbook/visudo/recipes/allowUpgrade.rb
template '/etc/sudoers.d/allowUpgrade' do
cookbook 'visudo'
source 'allowUpgrade.erb'
owner'root'
group 'root'
mode '0440'
verify "visudo -c -f %{path}"
end
My template: ~/chef-repo/cookbooks/visudo/templates/allowUpgrade.erb
username ALL=(ALL) NOPASSWD: /usr/local/bin/upgrade
Template and verification works manually
When I put this line/file there manually using
sudo nano /etc/sudoers.d/allowUpgrade
(I know one shouldn't) and then verify it using
visudo -c -f /etc/sudoers.d/allowUpgrade
I get
/etc/sudoers.d/allowUpgrade: parsed OK
and it works meaning I can run
sudo upgrade
without beeing prompted for the sudo password.
Verification fails running Chef
However it is not working using Chef. I'm trying it first on the local machine using
sudo chef-client -z --runlist 'recipe[visudo::allowUpgrade]'
But I get this error
Error executing action `create` on resource 'template[/etc/sudoers.d/allowUpgrade]'
Chef::Exceptions::ValidationFailed
Why is the verification failing in chef? What am I doing wrong?
Here the complete error message
Recipe: visudo::allowUpgrade
* template[/etc/sudoers.d/allowUpgrade] action create[2017-12-07T08:24:50+01:00] INFO: Processing template[/etc/sudoers.d/allowUpgrade] action create (visudo:: allowUpgrade line 7)
================================================================================
Error executing action `create` on resource 'template[/etc/sudoers.d/allowUpgrade]'
================================================================================
Chef::Exceptions::ValidationFailed
----------------------------------
Proposed content for /etc/sudoers.d/allowUpgrade failed verification #<Chef::Resource::File::Verification:0x0000000004070c48>
Resource Declaration:
---------------------
# In /home/username/chef-repo/.chef/local-mode-cache/cache/cookbooks/visudo/recipes/allowUpgrade.rb
7: template '/etc/sudoers.d/allowUpgrade' do
8: owner'root'
9: group 'root'
10: mode '0440'
11: source 'allowUpgrade.erb'
12: verify 'visudo -c -f %{path}'
13: end
Compiled Resource:
------------------
# Declared in /home/username/chef-repo/.chef/local-mode-cache/cache/cookbooks/visudo/recipes/allowUpgrade.rb:7:in `from_file'
template("/etc/sudoers.d/allowUpgrade") do
action [:create]
default_guard_interpreter :default
source "allowUpgrade.erb"
declared_type :template
cookbook_name "visudo"
recipe_name "allowUpgrade"
owner "root"
group "root"
mode "0440"
verifications [#<Chef::Resource::File::Verification:0x0000000004070c48 #command_opts={},
#command="visudo -c -f %{path}", #block=nil, #parent_resource=<template[/etc/sudoers.d/allowUpgrade]
#name: "/etc/sudoers.d/allowUpgrade" #before: nil #params: {}
#provider: nil #allowed_actions: [:nothing, :create, :delete, :touch, :create_if_missing]
#action: [:create] #updated: false #updated_by_last_action: false
#source_line: "/home/username/chef-repo/.chef/local-mode-cache/cache/cookbooks/visudo/recipes/allowUpgrade.rb:7:in `from_file'"
#guard_interpreter: nil #default_guard_interpreter: :default
#elapsed_time: 0 #source: "allowUpgrade.erb" #cookbook: nil
#local: false #variables: {} #inline_helper_blocks: {}
#inline_helper_modules: [] #helper_modules: [] #declared_type: :template
#cookbook_name: "visudo" #recipe_name: "allowUpgrade" #owner: "root" #group: "root" #mode: "0440"
#verifications: [...] #path: "/etc/sudoers.d/allowUpgrade">>]
path "/etc/sudoers.d/allowUpgrade"
end
Update:
When I leave the verification out and just do
template '/etc/sudoers.d/allowUpgrade' do
cookbook 'visudo'
source 'allowUpgrade.erb'
owner 'root'
group 'root'
mode '0440'
verify { 1 == 1 }
end
The sudo is broken! In recovery mode and the root console I checked and it looks just the same as when I insert it manually (what works fine)?!

Thanks to the help of Tensibai here in the comments and the hint to lineendings I could finally solve this problem.
Indeed the issue was lineendings as noted in this ancient Issue
I generated the cookbooks, recipes and templates on an Ubuntu Server 16.04 but do all m editing on the repository in Brackets.io on Windows.
This made template (and other) files have CRLF instead of LF lineendings because Brackets seems to use automatically the lineendings of the OS it is running on. This ofcourse made the /etc/sudoers.d/allowUpgrade file brake the sudoers because it has to end in a new line.
After some research I found this was an old known Issue and could be solved by the Plug-In Newline.
After installing this Plug-In indeed I could see that the file had CRLF lineendings.
I switched it to LF thanks to the Plug-In by clicking on the CRLF. Now my cookbook runs as expected and I'm able to run
sudo upgrade
without beeng prompted for the password - meaning it works.

Issues trying to bootstrap Chef for windows client with knife-windows

I am having some problems trying to bootstrap a windows node for Chef. This node was initially able to be partially bootstrapped, it was getting through most of the process but however, failing near the end - on the windows client itself I can see a number of expected files under C:\Chef
However since upgrading my Ruby and Knife-Windows to remedy the original issue - I am now not able to bootstrap at all, I get the error below:
chefadmin#AUK-CHEFMGT1:~$ knife bootstrap windows winrm 10.28.154.61 -x chefadmin -P xxxxxx
/opt/chefdk/embedded/lib/ruby/gems/2.1.0/gems/chef-12.5.1/lib/chef/mixin/path_sanity.rb:25:
warning: Insecure world writable dir /usr/local/bin in PATH, mode 040777
Waiting for remote response before bootstrap.10.28.154.61 .
10.28.154.61 Response received.
Remote node responded after 0.01 minutes.
Bootstrapping Chef on 10.28.154.61
ERROR: RuntimeError: Knife-Windows < 1.0 does not support validatorless bootstraps
I've tried a few different versions of knife-windows, initially 1.1.1, and most recently the pre-release version of 1.0.0 rc1, however, they are all giving me this error.
I am not sure why this is a problem, as the validation.pem does exist on the windows client in C:\Chef\
In case it matters, here is my knife.rb config file:
chefadmin#AUK-CHEFMGT1:~$
GNU nano 2.2.6 File: /home/chefadmin/chef-repo/.chef/knife.rb
current_dir = File.dirname(__FILE__)
log_level :info
log_location STDOUT
node_name "chefadmin"
client_key "#{current_dir}/ChefRSA.pem"
validation_client_name "company"
validation_key "#{current_dir}/companyvalidator"
chef_server_url "https://10.28.253.101/organizations/company"
syntax_check_cache_path "#{ENV['HOME']}/.chef/syntaxcache"
cookbook_path ["#{current_dir}/../cookbooks"]

"#{current_dir}/companyvalidator" Does that file exist? Usually that would be something ending in .pem. If that path isn't a thing, it would fall back to new-style bootstrapping which I don't think works on Windows yet.

How to debug Errno::EIO error in Chef recipe using Chef::Provider::Git

I'm trying to use chef to check out a git repo to a windows client node.
This seems simple enough and I've got the following resource definition:
git "C:\\pathtocheckout" do
repo "https://gitserver/repo.git"
action [ :checkout, :sync]
end
But when this is reached by chef-client I get:
Errno::EIO: git[C:\pathtocheckout] (cookbook_name::test line 21) had an error: Errno::EIO: Input/output error - CreateProcessW
I've had a look at the stacktrace produced and it appears to be something to do with creating a process to run the git command - but this is the limit of my knowledge.
I've made sure git is installed on on Path, removed all other recipes from the run list, running as a different admin user and I've tried different repositories but all with the same error.
So I'm pretty stumped - anyone got a way I can dig into this error and see what is going on?