I've got the windows blues

Chef Infra (archive)
1

Hi,

Over the past weeks I’ve worked with a client on a Chef POC involving
mainly Windows (on EC2, Azure and locally) and have a few observations that
I’ll like to provide (and hopefully get some feedback on :slight_smile:

First, the actual cookbook execution works fine, we can accomplish
everything we need (and probably more :slight_smile:

Now for some of the problems we’ve encountered:

The above can all be solved with new releases of knife-ec2 and
knife-windows.

A more fundamental issue we’ve seen is what seems to be a bug in WinRM 3.0
http://social.technet.microsoft.com/Forums/en-US/w7itproinstall/thread/51810d3b-6236-44f8-99fd-10f004ad8002/

This basically breaks remote execution of chef-client in unpredictable ways
(SQL Server installation aborts, powershell scripts fails etc.). We’ve
worked around this using PsExec but this is quite a hack.

A see a few solutions to this:

  • Don’t use WinRM but install and use SSH instead. Would be nice if the
    opscode openssh cookbook supported windows
  • Run chef-client as a service. This not currently optimal for us as we
    use this in an automated testing setup and need to know when configuration
    is complete. Perhaps a way to force the service to do a chef-client run and
    wait for completion?

I’m not a Windows expert but believe WinRM 3.0 is default on Server 2012
and cannot be downgraded, which eventually means that until this problem is
solved, Chef usage on Server 2012 will be suboptimal.

/Jeppe

2

Thanks for that summary Jeppe. I responded to a related issue on another thread, can you tell me if you’ve seen the winrm maxmemorypershellmb problem outside of Win2k12? My current theories on that are that it should not happen outside of 2k12, but appearance of it on 2k8r2 or other versions would disprove that.

Thanks for the summary on the bugs that are fixed in other releases - I agree that these gem releases should happen as soon as they can. I will get a few more eyes on this so we can figure out how to get this delivered sooner.


Adam Edwards
Software Development Engineer, Opscode, Inc.

From: Jeppe Nejsum Madsen <jeppe@ingolfs.dkmailto:jeppe@ingolfs.dk>
Reply-To: "chef@lists.opscode.commailto:chef@lists.opscode.com" <chef@lists.opscode.commailto:chef@lists.opscode.com>
Date: Friday, May 24, 2013 2:16 AM
To: "chef@lists.opscode.commailto:chef@lists.opscode.com" <chef@lists.opscode.commailto:chef@lists.opscode.com>
Subject: [chef] I’ve got the windows blues

Hi,

Over the past weeks I’ve worked with a client on a Chef POC involving mainly Windows (on EC2, Azure and locally) and have a few observations that I’ll like to provide (and hopefully get some feedback on :slight_smile:

First, the actual cookbook execution works fine, we can accomplish everything we need (and probably more :slight_smile:

Now for some of the problems we’ve encountered:

The above can all be solved with new releases of knife-ec2 and knife-windows.

A more fundamental issue we’ve seen is what seems to be a bug in WinRM 3.0 http://social.technet.microsoft.com/Forums/en-US/w7itproinstall/thread/51810d3b-6236-44f8-99fd-10f004ad8002/

This basically breaks remote execution of chef-client in unpredictable ways (SQL Server installation aborts, powershell scripts fails etc.). We’ve worked around this using PsExec but this is quite a hack.

A see a few solutions to this:

  • Don’t use WinRM but install and use SSH instead. Would be nice if the opscode openssh cookbook supported windows
  • Run chef-client as a service. This not currently optimal for us as we use this in an automated testing setup and need to know when configuration is complete. Perhaps a way to force the service to do a chef-client run and wait for completion?

I’m not a Windows expert but believe WinRM 3.0 is default on Server 2012 and cannot be downgraded, which eventually means that until this problem is solved, Chef usage on Server 2012 will be suboptimal.

/Jeppe

3

On Fri, May 24, 2013 at 5:55 PM, Adam Edwards adamed@opscode.com wrote:

Thanks for that summary Jeppe. I responded to a related issue on another
thread, can you tell me if you've seen the winrm maxmemorypershellmb
problem outside of Win2k12? My current theories on that are that it should
not happen outside of 2k12, but appearance of it on 2k8r2 or other versions
would disprove that.

I have just tried on an Amazon image (ami-46908432) that is running Server
2008 R2. The image comes with WinRM 3.0 and I observe the same problems as
described in http://tickets.opscode.com/browse/KNIFE-208. So my quick
conclusion is that it is not caused by 2008 vs 2012 but rather WinRM 3.0
(which is default in 2k12)

C:\Users\Administrator>systeminfo | findstr /B /C:"OS Name" /C:"OS Version"
OS Name: Microsoft Windows Server 2008 R2 Datacenter
OS Version: 6.1.7601 Service Pack 1 Build 7601

C:\Users\Administrator>winrm id
IdentifyResponse
ProtocolVersion = http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd
ProductVendor = Microsoft Corporation
ProductVersion = OS: 6.1.7601 SP: 1.0 Stack: 3.0

C:\Users\Administrator>winrs -r:127.0.0.1 "powershell -noprofile
-noninteractive c:\getjob2.ps1"
...
\winrs_\shell_\j\o\b_fac6c27a-cc08-49d1-b889-3178ac800427
SettingId='\winrs_\shell_\j\o\b_fac6c27a-cc08-49d1-b889-3178ac800427'
314572800
157286400
C:\getjob2.ps1 : Value is '157286400', should be '314572800'
At line:1 char:1

  • c:\getjob2.ps1

Thanks for the summary on the bugs that are fixed in other releases — I
agree that these gem releases should happen as soon as they can. I will get
a few more eyes on this so we can figure out how to get this delivered
sooner.

Sounds good, looking forward to it.

/Jeppe

4

Ohh,

Here's the bug report:

Not sure if there is a more official way to track this...

/Jeppe

On Mon, May 27, 2013 at 9:19 AM, Jeppe Nejsum Madsen jeppe@ingolfs.dkwrote:

On Fri, May 24, 2013 at 5:55 PM, Adam Edwards adamed@opscode.com wrote:

Thanks for that summary Jeppe. I responded to a related issue on
another thread, can you tell me if you've seen the winrm
maxmemorypershellmb problem outside of Win2k12? My current theories on that
are that it should not happen outside of 2k12, but appearance of it on
2k8r2 or other versions would disprove that.

I have just tried on an Amazon image (ami-46908432) that is running Server
2008 R2. The image comes with WinRM 3.0 and I observe the same problems as
described in http://tickets.opscode.com/browse/KNIFE-208. So my quick
conclusion is that it is not caused by 2008 vs 2012 but rather WinRM 3.0
(which is default in 2k12)

C:\Users\Administrator>systeminfo | findstr /B /C:"OS Name" /C:"OS Version"
OS Name: Microsoft Windows Server 2008 R2 Datacenter
OS Version: 6.1.7601 Service Pack 1 Build 7601

C:\Users\Administrator>winrm id
IdentifyResponse
ProtocolVersion = http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd
ProductVendor = Microsoft Corporation
ProductVersion = OS: 6.1.7601 SP: 1.0 Stack: 3.0

C:\Users\Administrator>winrs -r:127.0.0.1 "powershell -noprofile
-noninteractive c:\getjob2.ps1"
...
\winrs_\shell_\j\o\b_fac6c27a-cc08-49d1-b889-3178ac800427
SettingId='\winrs_\shell_\j\o\b_fac6c27a-cc08-49d1-b889-3178ac800427'
314572800
157286400
C:\getjob2.ps1 : Value is '157286400', should be '314572800'
At line:1 char:1

  • c:\getjob2.ps1

Thanks for the summary on the bugs that are fixed in other releases — I
agree that these gem releases should happen as soon as they can. I will get
a few more eyes on this so we can figure out how to get this delivered
sooner.

Sounds good, looking forward to it.

/Jeppe