I’ve had the same frustration with WinRM. There are a few things on the way
that should help:
- This proposed change to the WinRM gem will allow for auth to work
  correctly when using Windows as the client (e.g. running knife on Windows):
- Automation of winrm ssl config to make winrm configuration behave
  like ssh config with ssh-keygen, et al:
  https://github.com/opscode/chef-rfc/blob/adamed/rfc-winrm-listener/rfc0002-winrm-listener.md,
  https://github.com/opscode/chef-rfc/pull/4
You could play with #1 now - it’s being reviewed and tested at the moment
so we don’t have a version of knife integrated with it, you’d have to use
it directly.
#2 is being prototyped, comments welcome on the pull request.
-Adam
From: Florian Hehlen [mailto:Florian.Hehlen@mri-group.com]
Sent: Friday, March 21, 2014 10:28 AM
To: 'adamed@getchef.com'; 'chef@lists.opscode.com'
Subject: RE: [chef] RE: Re: knife exit codes on windows?
Hi,
I have all but given up on WinRM. It is very temperamental, I find. I have
to admit that the environment I am in is a bit messy. Last year I got winrm
working on 95% of our hardware. Now we are moving to a new domain and there
I am unable to get it to work. The old approach fails and any attempt to
follow online help with winrm has gone nowhere.
Instead I use PsExec that is part of (
http://technet.microsoft.com/en-us/sysinternals/bb842062 ). It works pretty
well. PsExec only works over the company network… so that is probably a
limitation for some. Anyway, I have re-written all of my scripts based on
PsExec and it works pretty well.
I am thinking I could wrap this up into a gem but I have zero experience
with that… time is also an issue.
About windows exit codes… I have found a lot of cases where they are not
respected and you get a 0 exit code even though there was an error or vice
versa… it’s another real pain!
Cheers,
Florian
From: Adam Edwards [mailto:adamed@getchef.com]
Sent: 11 February 2014 08:16
To: chef@lists.opscode.com
Subject: [chef] RE: Re: knife exit codes on windows?
In this case I wouldn’t blame WinRM - the knife plugin really should return
the exit code.
You can definitely get a true / false status of a remotely executed
command, though the process exit code for non-powershell cmdlets is
trickier. For example, $? is $true in the first success case below, $false
in the second:
    Invoke-Command { echo hi }
    $?    # $true
    Invoke-Command { throw 'sad' }
    $?    # $false
Throwing an exception will cause invoke command to set $? to $false. Since
cmdlets only return $true or $false as an exit status, that’s as good as it
gets.
If you want to translate that into a process exit code, you can add logic
to your script to check $LASTEXITCODE. If you just want a failure status,
you can throw an exception. If you’d like the actual code, you’ll need to
do as suggested below - parse it, possibly by encoding all script output
as xml or json, or simply emitting the exit code as the last line of your
script.
Regarding the original issue, I would expect knife winrm to return a
nonzero exit code if the command it is executing fails.
-Adam
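Added example (not part of the original thread, and not knife's or Chef's own code): a Ruby sketch of the "emit the exit code as the last line and parse it" approach suggested above, failing closed when the marker is missing so a broken run is never reported as success. The `KNIFE_EXIT=<n>` marker, the host names and the sample output are constructed assumptions.

```ruby
# Added example, not knife's own code. Assumptions: the remote script prints
# "KNIFE_EXIT=<n>" (a constructed marker, e.g. from $LASTEXITCODE) as its last
# line, and knife prefixes every output line with the host name.
MARKER = /\AKNIFE_EXIT=(-?\d+)\z/

# Constructed sample of captured `knife winrm` output for two hosts.
SAMPLE = <<~OUT
  winhost [2014-02-10T09:58:33-05:00] FATAL: could not find recipe fooszl
  okhost Chef Client finished
  winhost KNIFE_EXIT=1
  okhost KNIFE_EXIT=0
OUT

# Returns { host => exit code }, or nil for a host whose output does not END
# with the marker, so a truncated or crashed run is never read as success.
def exit_codes(output)
  last_line = {}
  output.each_line do |raw|
    host, rest = raw.chomp.split(' ', 2)
    next if host.nil?                      # blank line
    last_line[host] = rest.to_s.strip
  end
  last_line.transform_values do |text|
    m = MARKER.match(text)
    m && m[1].to_i
  end
end

# One status for the calling shell: 0 only if every expected host reported 0.
def overall_status(output, expected_hosts)
  codes = exit_codes(output)
  statuses = expected_hosts.map do |host|
    code = codes[host]
    next 1 if code.nil?                    # missing host or marker: fail closed
    next 0 if code.zero?
    # POSIX keeps only the low 8 bits, so 256 would wrap to 0.
    code.between?(1, 255) ? code : 1
  end
  statuses.find { |s| s != 0 } || 0
end

puts overall_status(SAMPLE, %w[winhost okhost])
```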
From: Larry Wright [mailto:larrywright@gmail.com]
Sent: Monday, February 10, 2014 7:54 PM
To: chef@lists.opscode.com
Subject: [chef] Re: knife exit codes on windows?
WinRM is… special. Ok, that’s being too nice. It’s an abomination, but it’s
all we have on Windows unless you want to install an SSH daemon. There is
not, as far as I can tell, any way to get the exit code of a process called
via WinRM. Your best bet is to parse the output, unless someone else knows
of something that I have overlooked.
Larry Wright
On Feb 10, 2014, at 9:17 AM, Brian Anderson brian.anderson@affectiva.com
wrote:
I feel like I’m missing something obvious here. No matter what happens in
the run, knife winrm always seems to return 0.
To demonstrate this I did a remote run of chef-client, calling an invalid
override run list.
First on linux:
[banderson@banderson ~ ] knife ssh -m linhost -x user -i key.pem "sudo
chef-client --force-logger -l info -o recipe[nosuch::recipel]"
[...]
linhost [2014-02-10T09:57:56-05:00] FATAL:
Chef::Exceptions::RecipeNotFound: could not find recipe fooszl for cookbook
affdex
[banderson@banderson ~ ] echo $?
1
Then Windows:
knife winrm -m winhost -x Administrator -P password "chef-client
--force-logger -l info -o recipe[affdex::fooszl]"
[…]
winhost [2014-02-10T09:58:33-05:00] FATAL:
Chef::Exceptions::RecipeNotFound: could not find recipe fooszl for cookbook
affdex
[banderson@banderson ~ ] echo $?
0
Then I tried using the --returns arg to knife winrm:
knife winrm --returns 0 -m winhost -x Administrator
-P password "chef-client --force-logger -l info -o recipe[affdex::fooszl]"
[…]
winhost [2014-02-10T09:59:03-05:00] FATAL:
Chef::Exceptions::RecipeNotFound: could not find recipe fooszl for cookbook
affdex
ERROR: Failed to execute command on winhost return code 1
[banderson@banderson ~ ] echo $?
0
Is there some way that I am missing to get knife winrm to return 1 when the
chef run fails, like knife ssh does?
Thanks,
Brian
–
Brian Anderson | Operations Engineer
Phone 781.696.1304
www.affectiva.com