The log shows that it did process the powershell_script resource. Did it create a file?
-Kapil
From: Kenneth Barry [mailto:kbarry-x@tunein.com]
Sent: Monday, February 24, 2014 3:59 PM
To: Adam Edwards
Cc: chef@lists.opscode.com
Subject: [chef] Re: RE: RE: Re: RE: RE: RE: Re: RE: Re: Idempotent IIS
powershell_script “write test file without clobber” do
code <<-EOB
get-process | select -first 5 | out-file c:\testexp.txt
EOB
not_if ‘powershell -noninteractive -noprofile -command “exit [int32](test-path c:\testexp.txt)”’
end
I expect this to write a few lines to c:\testexp.txt IF there is no file at that path already.
Im not familiar with the use of the exit command as you have used it.
output of chef-client
[2014-02-24T15:51:44-05:00] INFO: *** Chef 11.8.2 ***
[2014-02-24T15:51:44-05:00] INFO: Chef-client pid: 3716
[2014-02-24T15:51:48-05:00] WARN: unable to detect ip6address
[2014-02-24T15:52:19-05:00] INFO: Run List is [recipe[poshMover::exetest]]
[2014-02-24T15:52:19-05:00] INFO: Run List expands to [poshMover::exetest]
[2014-02-24T15:52:19-05:00] INFO: Starting Chef Run for pa02devops01.tunein.corp
[2014-02-24T15:52:19-05:00] INFO: Running start handlers
[2014-02-24T15:52:19-05:00] INFO: Start handlers complete.
[2014-02-24T15:52:20-05:00] INFO: HTTP Request Returned 404 Object Not Found:
[2014-02-24T15:52:20-05:00] INFO: Loading cookbooks [poshMover]
[2014-02-24T15:52:20-05:00] INFO: Storing updated cookbooks/poshMover/recipes/exetest.rb in the cac
he.
[2014-02-24T15:52:20-05:00] INFO: Processing powershell_script[write test file without clobber] act
ion run (poshMover::exetest line 12)
[2014-02-24T15:52:21-05:00] INFO: Chef Run complete in 1.156254 seconds
[2014-02-24T15:52:21-05:00] INFO: Running report handlers
[2014-02-24T15:52:21-05:00] INFO: Report handlers complete
troubleshooting this is tricky because i can’t tell if it tried running the code block or not, because it might be trying, but he codeblock isnt janky, and needs fixing, . Is there something in the results that will indicate if it tried the code or not?
On Mon, Feb 24, 2014 at 12:26 PM, Kenneth Barry <kbarry-x@tunein.commailto:kbarry-x@tunein.com> wrote:
I’m going to go with your method Adam, as I am still getting my hear wrapped around ruby enough to really understand whats getting passed where 
Neither of these are how it might be in the future, but its pretty close
On Mon, Feb 24, 2014 at 11:52 AM, Adam Edwards <adamed@getchef.commailto:adamed@getchef.com> wrote:
Kenneth, currently guard expressions that use strings (i.e. not_if followed by a string, not curly braces) are executed as batch scripts via cmd.exe (this cmd.exe thing is something I am proposing we change, see pointers to an RFC earlier in the thread if you are interested in that side conversation). So you do need to have powershell.exe in the path - it should already be there since Windows ships that way (and if you install powershell it will add it to the path).
You could also look at Kapil’s solution since it is working for him - it essentially does the same thing, as my example, but runs the powershell script code outside the context of the resource, assigns the value to a Ruby variable, and then evaluates that variable in the not_if guard as a Ruby expression rather than a script to be interpreted by cmd.exe.
-Adam
From: Kenneth Barry [mailto:kbarry-x@tunein.commailto:kbarry-x@tunein.com]
Sent: Monday, February 24, 2014 10:31 AM
To: chef@lists.opscode.commailto:chef@lists.opscode.com
Cc: adamed@getchef.commailto:adamed@getchef.com
Subject: Re: [chef] RE: RE: Re: RE: RE: RE: Re: RE: Re: Idempotent IIS
not_if ‘powershell -noninteractive -noprofile -command “exit [int32]((Get-WindowsFeature -Name Web-Server) -eq $null)”’
As i read this is will not perform the code ( configure iis) if there is no windows feature names web-server…
I see the context.
Thanks for the feedback, I am going to give this a shot. not_if figures out the context required to run the command? Do i need to have powershell.exe’s location in my environment path? Sorry for the new question, there may be a lot of “granted” knowledge from a little experience that I still lack.
On Mon, Feb 24, 2014 at 10:13 AM, Kapil Shardha <Kapil.Shardha@simulationiq.commailto:Kapil.Shardha@simulationiq.com> wrote:
Adam,
The example that I suggested (with powershell_out) worked for me.
-Kapil
From: Adam Edwards [mailto:adamed@getchef.commailto:adamed@getchef.com]
Sent: Monday, February 24, 2014 1:09 PM
To: chef@lists.opscode.commailto:chef@lists.opscode.com
Subject: [chef] RE: Re: RE: RE: RE: Re: RE: Re: Idempotent IIS
Kenneth, I would start with Kapil’s example below (Kapil, did you verify that it worked for you?). Here’s the full context of my example, which was not about iis, but about setting execution policy:
Sets x64 execution policy to remote signed, but only if it’s not already set
powershell_script “set execution policy” do
code "set-executionpolicy remotesigned"
not_if 'powershell -noninteractive -noprofile -command “exit [int32]((Get-ExecutionPolicy) -eq ‘RemoteSigned’)”'
end
So the approach is to use the exit command in PowerShell to set a non-zero (i.e. failed) process exit code when we identify a condition in which the resource should run. The non-zero exit code is interpreted by not_if as “false,” and therefore the resource will be executed. See this part of the docs for more on how “guard” expressions like not_if can be used to provide idempotence where needed: http://docs.opscode.com/resource_common.html.
-Adam
From: Kenneth Barry [mailto:kbarry-x@tunein.commailto:kbarry-x@tunein.com]
Sent: Monday, February 24, 2014 9:58 AM
To: chef@lists.opscode.commailto:chef@lists.opscode.com
Subject: [chef] Re: RE: RE: RE: Re: RE: Re: Idempotent IIS
Adam, re: the example:
not_if 'powershell -noninteractive -noprofile -command “exit [int32]((Get-ExecutionPolicy) -eq ‘RemoteSigned’)”'
I’m new enough to chef to see how this works, but not see where i would “place it”.
I’ve never used nor seen a not_if. Do you have a link to an exanded use-case example?
On Fri, Feb 21, 2014 at 12:13 PM, Kapil Shardha <Kapil.Shardha@simulationiq.commailto:Kapil.Shardha@simulationiq.com> wrote:
That is a good idea! I was suggesting something like this:
---------- 1. Install IIS Role, if not already installed ----------
script =<<-EOF
$x = Get-WindowsFeature -name "Web-Server"
$status = 0
if($x -ne $null)
{
$installed = $x.Installed
if($installed -eq $false)
{
$status = 1
}
else
{
$status = 0
}
}
return $status
EOF
cmd = powershell_out(script)
x = cmd.stdout.chop
powershell_script “Install_IIS” do
code <<-EOH
Install-WindowsFeature -name "Web-Server" -IncludeManagementTools -IncludeAllSubFeature
EOH
only_if { x == '1' }
end
-Kapil
From: Adam Edwards [mailto:adamed@getchef.commailto:adamed@getchef.com]
Sent: Friday, February 21, 2014 3:09 PM
To: chef@lists.opscode.commailto:chef@lists.opscode.com
Subject: [chef] RE: RE: Re: RE: Re: Idempotent IIS
Seems like you can do this without powershell_out - you can coerce powershell to return an exit code using the exit command in powershell - here’s an example:
not_if ‘powershell -noninteractive -noprofile -command “exit [int32]((Get-ExecutionPolicy) -eq ‘RemoteSigned’)”’
The above guard will cause the resource to not execute if powershell’s execution policy is set to remotesigned.
Somewhat related, here is a proposal to make it easier to use powershell and other script resources in guard expressions:
https://github.com/opscode/chef-rfc/blob/adamed/resource-guard/rfc0001-resource-guard.md
-Adam
From: Kapil Shardha [mailto:Kapil.Shardha@SimulationIQ.commailto:Kapil.Shardha@SimulationIQ.com]
Sent: Friday, February 21, 2014 12:02 PM
To: chef@lists.opscode.commailto:chef@lists.opscode.com
Subject: [chef] RE: Re: RE: Re: Idempotent IIS
Chef resources do not return a value (as far as I know). You will have to use “powershell_out” to check for certain condition and based on what it returns you can trigger the iis_config resource.
-Kapil
From: Kenneth Barry [mailto:kbarry-x@tunein.com]
Sent: Friday, February 21, 2014 2:58 PM
To: chef@lists.opscode.commailto:chef@lists.opscode.com
Subject: [chef] Re: RE: Re: Idempotent IIS
Can I use powershell to check the settings, but if the powershell indicates they are different than what they should be, have the iis cookbook sections run again?
Something like
powershell_script “checking setting #1”
(check if settings are the same)
iis_config
only do this is “checking setting #1” returned false.
This is more of a capability/syntax question.
On Fri, Feb 21, 2014 at 11:54 AM, Kapil Shardha <Kapil.Shardha@simulationiq.commailto:Kapil.Shardha@simulationiq.com> wrote:
I ran into same issue when I started using IIS cookbook. I had to write my own cookbook with powershell script in it to do the job.I used guards to ensure idempotency.
Kapil
-------- Original message --------
From: Stephen Nelson-Smith
Date:02/21/2014 2:37 PM (GMT-05:00)
To: chef@lists.opscode.commailto:chef@lists.opscode.com
Subject: [chef] Re: Idempotent IIS
Hi,
On 21 February 2014 19:31, Kenneth Barry <kbarry-x@tunein.commailto:kbarry-x@tunein.com> wrote:
Question:
How are (those of you who are working in Windows/IIS), ensuring Idempotent Recipes for configuring IIS?
On occasions where the community cookbook doesn’t provide idempotent resources, I call out to powershell, and add a guard where needed.
S.
–
Stephen Nelson-Smith,
Founder, Principal Consultant,
Atalanta Systems Ltd,
Web: http://agilesysadmin.net
Twitter: @lordcope
Skype: atalanta.systems
Direct: +44 (0) 1329 550203tel:%2B44%20(0)%201329%20550203
Mobile: +44 (0) 7917 101919tel:%2B44%20(0)%207917%20101919
Atalanta Systems: The Agile Infrastructure Enablers
http://atalanta-systems.com
This email and any accompanying documents may contain privileged or otherwise confidential information of, and/or is the property of Education Management Solutions, Inc. If you are not the intended recipient, please immediately advise the sender by reply email & delete the message & any attachments without using, copying or disclosing the contents. Thank you.
This email and any accompanying documents may contain privileged or otherwise confidential information of, and/or is the property of Education Management Solutions, Inc. If you are not the intended recipient, please immediately advise the sender by reply email & delete the message & any attachments without using, copying or disclosing the contents. Thank you.
This email and any accompanying documents may contain privileged or otherwise confidential information of, and/or is the property of Education Management Solutions, Inc. If you are not the intended recipient, please immediately advise the sender by reply email & delete the message & any attachments without using, copying or disclosing the contents. Thank you.
This email and any accompanying documents may contain privileged or otherwise confidential information of, and/or is the property of Education Management Solutions, Inc. If you are not the intended recipient, please immediately advise the sender by reply email & delete the message & any attachments without using, copying or disclosing the contents. Thank you.
This email and any accompanying documents may contain privileged or otherwise confidential information of, and/or is the property of Education Management Solutions, Inc. If you are not the intended recipient, please immediately advise the sender by reply email & delete the message & any attachments without using, copying or disclosing the contents. Thank you.
