Chef-client need to be executed as user via powershell

Hi all,

I have been asked to work on a cookbook development on a windows env. I have one coookbook which is parent and other cookbook is the child. when i execute a parent cookbook, child cookbook need to be executed via power shell as a normal user. I tried to create a cookbook and using powershell, used the chef-client executed the child cookbook. Parent cookbook will create a New directory at temp and child will create application config files. parent cookbook will be executed as a user with admin previledges and child will be executed as an iis user. 

I executed the parent cookbook, it created the temp\IIS. then powershell opens up and cookbook gets executed. but it does not create a config files under temp\IIS.

I am not sure if the chef-client can be run as a normal(IIS user) but it does not show any error when i execute the parent cookbook. it executes perfectly.

power shell code

Parent cookbook

directory 'temp\IIS' do
action: create

powershell 'config iis creation' do
code <<-EOH
$User = "iisuser"
$Passwd = convertTo-SecureString -String "XXXXXXXXXX" -AsPlainText -Force
$creds = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $User $Passwd
$ Start-Process powershell -Credential $creds -ArguementList { chef-client -z -o "child cookbook"}

Any suggestion on this is highly appreciated. is start-process is not going to help is there any way/option i can able to start the chef-client as iisuser

Hi Raj

Sorry, but i'm not understand why cookbook is calling another cookbook using PowerShell.

Have you looked at the Role cookbook pattern? In the Role - or Parent - cookbook call the other cookbook with include_recipe[cookbook_name::recipe_name].

Hope this helps.

Can that child cookbook be executed as an user say iisuser using include_recipe. That is what my requirement is.My parent cookbook runs as a a user with admin access, but the child should run as normal IIS user.

What kinda of things are you doing with the ‘child’ cookbook that have to be executed by ‘iisuser’?

Having used Chef to configure IIS before, I’m wondering what is in the child cookbook that has to be run in the way you are trying to.


Just a configuration for IIS using that user.

Now granted, I used the ‘IIS’ cookbook from the Supermarket, and without knowing if you are and if that then would be an option for you.

But could you consider just letting Chef lay down whatever the IIS configurations you are wanting, then add additional resources to fix any ACL/permissions you want/need the ‘iisuser’ to have?

Its been a minute since I actually worked with these cookbooks or configuring IIS, but the main things I recall needing ACL/permission wise in IIS was the Application pool user, the folders where the IIS code resides, and if it is .NET, we used to have to tweak on the .NET Temp directory.

Long story short I would try to eliminate trying to run the child cookbook as a user in a underlying task of some kind.