Knife exit codes on windows?


#1

I feel like I’m missing something obvious here. No matter what happens in
the run, knife winrm always seems to return 0.

To demonstrate this I did a remote run of chef-client, calling an invalid
override run list.

First on linux:

[banderson@banderson ~ ] knife ssh -m linhost -x user -i key.pem "sudo chef-client --force-logger -l info -o recipe[nosuch::recipel]" [...] linhost [2014-02-10T09:57:56-05:00] FATAL: Chef::Exceptions::RecipeNotFound: could not find recipe fooszl for cookbook affdex [banderson@banderson ~ ] echo $?
1

Then Windows:

knife winrm -m winhost -x Administrator -P password "chef-client

–force-logger -l info -o recipe[affdex::fooszl]"
[…]
winhost [2014-02-10T09:58:33-05:00] FATAL:
Chef::Exceptions::RecipeNotFound: could not find recipe fooszl for cookbook
affdex
[banderson@banderson ~ ] echo ?
0

Then I tried using the --returns arg to knife winrm:

knife winrm --returns 0 -m winhost -x Administrator

-P password “chef-client --force-logger -l info -o recipe[affdex::fooszl]”
[…]
winhost [2014-02-10T09:59:03-05:00] FATAL:
Chef::Exceptions::RecipeNotFound: could not find recipe fooszl for cookbook
affdex
ERROR: Failed to execute command on winhost return code 1
[banderson@banderson ~ ] echo ?
0

Is there some way that I am missing to get knife winrm to return 1 when the
chef run fails, like knife ssh does?

Thanks,

Brian

Brian Anderson | Operations Engineer
Phone 781.696.1304

www.affectiva.com
http://www.facebook.com/affectiva https://twitter.com/Affectiva
http://www.youtube.com/user/affectiva
http://www.affectiva.com/blog/ http://www.linkedin.com/company/affectiva_2
https://plus.google.com/b/115885368219797754125/115885368219797754125/posts


#2

What shell are you using - I’d like to be sure this repro’s on PowerShell -
I tried this myself on PowerShell and was able to repro the problem, and
would like to be sure you’re also seeing it there.

I can’t think of a workaround at the moment - I’ve filed the ticket below:

https://tickets.opscode.com/browse/KNIFE-450

-Adam

From: Brian Anderson [mailto:brian.anderson@affectiva.com]
Sent: Monday, February 10, 2014 7:18 AM
To: chef@lists.opscode.com
Subject: [chef] knife exit codes on windows?

I feel like I’m missing something obvious here. No matter what happens in
the run, knife winrm always seems to return 0.

To demonstrate this I did a remote run of chef-client, calling an invalid
override run list.

First on linux:

[banderson@banderson ~ ] knife ssh -m linhost -x user -i key.pem "sudo chef-client --force-logger -l info -o recipe[nosuch::recipel]" [...] linhost [2014-02-10T09:57:56-05:00] FATAL: Chef::Exceptions::RecipeNotFound: could not find recipe fooszl for cookbook affdex [banderson@banderson ~ ] echo $?
1

Then Windows:

knife winrm -m winhost -x Administrator -P password “chef-client
–force-logger -l info -o recipe[affdex::fooszl]”
[…]
winhost [2014-02-10T09:58:33-05:00] FATAL:
Chef::Exceptions::RecipeNotFound: could not find recipe fooszl for cookbook
affdex
[banderson@banderson ~ ] echo ?
0

Then I tried using the --returns arg to knife winrm:

knife winrm --returns 0 -m winhost -x Administrator
-P password “chef-client --force-logger -l info -o recipe[affdex::fooszl]”
[…]
winhost [2014-02-10T09:59:03-05:00] FATAL:
Chef::Exceptions::RecipeNotFound: could not find recipe fooszl for cookbook
affdex
ERROR: Failed to execute command on winhost return code 1
[banderson@banderson ~ ] echo ?
0

Is there some way that I am missing to get knife winrm to return 1 when the
chef run fails, like knife ssh does?

Thanks,

Brian


Brian Anderson | Operations Engineer
Phone 781.696.1304
[image:
http://www.finsmes.com/wp-content/uploads/2011/07/Affectiva_logo_JPG.jpg]
www.affectiva.com
[image:
http://www.snoitulosten.com/wp-content/uploads/2010/01/facebook-small.jpg]http://www.facebook.com/affectiva
[image:
http://www.snoitulosten.com/wp-content/uploads/2010/01/twitter-small.jpg]https://twitter.com/Affectiva
[image:
http://images4.wikia.nocookie.net/__cb20101115140837/finalfantasy/images/9/93/Youtube_icon_logo.gif]http://www.youtube.com/user/affectiva
[image:
http://brendanmitchell.files.wordpress.com/2009/03/blog-icon-200.png]http://www.affectiva.com/blog/
[image:
http://www.itprosphilly.com/wp-content/uploads/2011/08/linkedin-icon-small.png]http://www.linkedin.com/company/affectiva_2
[image:
http://www.thesimplerweb.com/wp-content/uploads/2012/08/google-plus-icon.jpg?cda6c1]https://plus.google.com/b/115885368219797754125/115885368219797754125/posts


#3

WinRM is… special. Ok, that’s being too nice. It’s an abomination, but it’s all we have on Windows unless you want to install an SSH daemon. There is not, as far as I can tell, any way to get the exit code of a process called via WinRM. Your best bet is to parse the output, unless someone else knows of something that I have overlooked.

Larry Wright

On Feb 10, 2014, at 9:17 AM, Brian Anderson brian.anderson@affectiva.com wrote:

I feel like I’m missing something obvious here. No matter what happens in the run, knife winrm always seems to return 0.

To demonstrate this I did a remote run of chef-client, calling an invalid override run list.

First on linux:

[banderson@banderson ~ ] knife ssh -m linhost -x user -i key.pem "sudo chef-client --force-logger -l info -o recipe[nosuch::recipel]" [...] linhost [2014-02-10T09:57:56-05:00] FATAL: Chef::Exceptions::RecipeNotFound: could not find recipe fooszl for cookbook affdex [banderson@banderson ~ ] echo $?
1

Then Windows:

knife winrm -m winhost -x Administrator -P password “chef-client --force-logger -l info -o recipe[affdex::fooszl]”
[…]
winhost [2014-02-10T09:58:33-05:00] FATAL: Chef::Exceptions::RecipeNotFound: could not find recipe fooszl for cookbook affdex
[banderson@banderson ~ ] echo ?
0

Then I tried using the --returns arg to knife winrm:

knife winrm --returns 0 -m winhost -x Administrator -P password “chef-client --force-logger -l info -o recipe[affdex::fooszl]”
[…]
winhost [2014-02-10T09:59:03-05:00] FATAL: Chef::Exceptions::RecipeNotFound: could not find recipe fooszl for cookbook affdex
ERROR: Failed to execute command on winhost return code 1
[banderson@banderson ~ ] echo ?
0

Is there some way that I am missing to get knife winrm to return 1 when the chef run fails, like knife ssh does?

Thanks,

Brian

Brian Anderson | Operations Engineer
Phone 781.696.1304

www.affectiva.com


#4

In this case I wouldn’t blame WinRM - the knife plugin really should return
the exit code.

You can definitely get a true / false status of a remotely executed
command, though the process exit code for non-powershell cmdlets is
tricker. For example, $? is $true in the first success case below, $false
in the second:

Invoke-command {echo hi}

$? == $true

Invoke-command {throw ‘sad’}

$? == $false

Throwing an exception will cause invoke command to set $? to $false. Since
cmdlets only return $true or $false as an exit status, that’s as good as it
gets.

If you want to translate that into a process exit code, you can add logic
to your script to check $LASTEXITCODE. If you just want a failure status,
you can throw an exception. If you’d like the actual code, you’ll need to
do as suggested below - parse it, possibly by encoding all script output
as xml or json, or simply emitting the exit code as the last line of your
script.

Regarding the original issue, I would expect knife winrm to return a
nonzero exit code if the command it is executing fails.

-Adam

From: Larry Wright [mailto:larrywright@gmail.com]
Sent: Monday, February 10, 2014 7:54 PM
To: chef@lists.opscode.com
Subject: [chef] Re: knife exit codes on windows?

WinRM is… special. Ok, that’s being too nice. It’s an abomination, but it’s
all we have on Windows unless you want to install an SSH daemon. There is
not, as far as I can tell, any way to get the exit code of a process called
via WinRM. Your best bet is to parse the output, unless someone else knows
of something that I have overlooked.

Larry Wright

On Feb 10, 2014, at 9:17 AM, Brian Anderson brian.anderson@affectiva.com
wrote:

I feel like I’m missing something obvious here. No matter what happens in
the run, knife winrm always seems to return 0.

To demonstrate this I did a remote run of chef-client, calling an invalid
override run list.

First on linux:

[banderson@banderson ~ ] knife ssh -m linhost -x user -i key.pem "sudo chef-client --force-logger -l info -o recipe[nosuch::recipel]" [...] linhost [2014-02-10T09:57:56-05:00] FATAL: Chef::Exceptions::RecipeNotFound: could not find recipe fooszl for cookbook affdex [banderson@banderson ~ ] echo $?
1

Then Windows:

knife winrm -m winhost -x Administrator -P password “chef-client
–force-logger -l info -o recipe[affdex::fooszl]”
[…]
winhost [2014-02-10T09:58:33-05:00] FATAL:
Chef::Exceptions::RecipeNotFound: could not find recipe fooszl for cookbook
affdex
[banderson@banderson ~ ] echo ?
0

Then I tried using the --returns arg to knife winrm:

knife winrm --returns 0 -m winhost -x Administrator
-P password “chef-client --force-logger -l info -o recipe[affdex::fooszl]”
[…]
winhost [2014-02-10T09:59:03-05:00] FATAL:
Chef::Exceptions::RecipeNotFound: could not find recipe fooszl for cookbook
affdex
ERROR: Failed to execute command on winhost return code 1
[banderson@banderson ~ ] echo ?
0

Is there some way that I am missing to get knife winrm to return 1 when the
chef run fails, like knife ssh does?

Thanks,

Brian


Brian Anderson | Operations Engineer
Phone 781.696.1304
[image:
http://www.finsmes.com/wp-content/uploads/2011/07/Affectiva_logo_JPG.jpg]
www.affectiva.com
[image:
http://www.snoitulosten.com/wp-content/uploads/2010/01/facebook-small.jpg]http://www.facebook.com/affectiva
[image:
http://www.snoitulosten.com/wp-content/uploads/2010/01/twitter-small.jpg]https://twitter.com/Affectiva
[image:
http://images4.wikia.nocookie.net/__cb20101115140837/finalfantasy/images/9/93/Youtube_icon_logo.gif]http://www.youtube.com/user/affectiva
[image:
http://brendanmitchell.files.wordpress.com/2009/03/blog-icon-200.png]http://www.affectiva.com/blog/
[image:
http://www.itprosphilly.com/wp-content/uploads/2011/08/linkedin-icon-small.png]http://www.linkedin.com/company/affectiva_2
[image:
http://www.thesimplerweb.com/wp-content/uploads/2012/08/google-plus-icon.jpg?cda6c1]https://plus.google.com/b/115885368219797754125/115885368219797754125/posts


#5

Hi,

I have all but given up on WinRM. It is very temperamental, I find. I have to admit that the environment I am in is a bit messy. Last year I got winrm working on 95% of our hardware. Now we are moving to a new domain and there I am incapable to get it to work. The old approach fails and any attempt to follow online help with winrm has gone no-where.

Instead I use PsExec that is part of (http://technet.microsoft.com/en-us/sysinternals/bb842062 ). It works pretty well. PsExec only works over the company network… so that is probably a limitation for some. Anyway, I have re-written all of my scripts based on PsExec and it works pretty well.

I am thinking I could wrap this up into a gem but I have zero experience with that… time is also an issue.

About windows exit codes… I have found a lot of cases where they are not respected and you get a 0 exit code even though there was an error or vice versa… it’s another real pain!

Cheers,
Florian

From: Adam Edwards [mailto:adamed@getchef.com]
Sent: 11 February 2014 08:16
To: chef@lists.opscode.com
Subject: [chef] RE: Re: knife exit codes on windows?

In this case I wouldn’t blame WinRM - the knife plugin really should return the exit code.

You can definitely get a true / false status of a remotely executed command, though the process exit code for non-powershell cmdlets is tricker. For example, $? is $true in the first success case below, $false in the second:

Invoke-command {echo hi}

$? == $true

Invoke-command {throw ‘sad’}

$? == $false

Throwing an exception will cause invoke command to set $? to $false. Since cmdlets only return $true or $false as an exit status, that’s as good as it gets.

If you want to translate that into a process exit code, you can add logic to your script to check $LASTEXITCODE. If you just want a failure status, you can throw an exception. If you’d like the actual code, you’ll need to do as suggested below - parse it, possibly by encoding all script output as xml or json, or simply emitting the exit code as the last line of your script.

Regarding the original issue, I would expect knife winrm to return a nonzero exit code if the command it is executing fails.

-Adam

From: Larry Wright [mailto:larrywright@gmail.commailto:larrywright@gmail.com]
Sent: Monday, February 10, 2014 7:54 PM
To: chef@lists.opscode.commailto:chef@lists.opscode.com
Subject: [chef] Re: knife exit codes on windows?

WinRM is… special. Ok, that’s being too nice. It’s an abomination, but it’s all we have on Windows unless you want to install an SSH daemon. There is not, as far as I can tell, any way to get the exit code of a process called via WinRM. Your best bet is to parse the output, unless someone else knows of something that I have overlooked.

Larry Wright

On Feb 10, 2014, at 9:17 AM, Brian Anderson <brian.anderson@affectiva.commailto:brian.anderson@affectiva.com> wrote:

I feel like I’m missing something obvious here. No matter what happens in the run, knife winrm always seems to return 0.

To demonstrate this I did a remote run of chef-client, calling an invalid override run list.

First on linux:

[banderson@banderson ~ ] knife ssh -m linhost -x user -i key.pem "sudo chef-client --force-logger -l info -o recipe[nosuch::recipel]" [...] linhost [2014-02-10T09:57:56-05:00] FATAL: Chef::Exceptions::RecipeNotFound: could not find recipe fooszl for cookbook affdex [banderson@banderson ~ ] echo $?
1

Then Windows:

knife winrm -m winhost -x Administrator -P password “chef-client --force-logger -l info -o recipe[affdex::fooszl]”
[…]
winhost [2014-02-10T09:58:33-05:00] FATAL: Chef::Exceptions::RecipeNotFound: could not find recipe fooszl for cookbook affdex
[banderson@banderson ~ ] echo ?
0

Then I tried using the --returns arg to knife winrm:

knife winrm --returns 0 -m winhost -x Administrator -P password “chef-client --force-logger -l info -o recipe[affdex::fooszl]”
[…]
winhost [2014-02-10T09:59:03-05:00] FATAL: Chef::Exceptions::RecipeNotFound: could not find recipe fooszl for cookbook affdex
ERROR: Failed to execute command on winhost return code 1
[banderson@banderson ~ ] echo ?
0

Is there some way that I am missing to get knife winrm to return 1 when the chef run fails, like knife ssh does?

Thanks,

Brian

Brian Anderson | Operations Engineer
Phone 781.696.1304
[http://www.finsmes.com/wp-content/uploads/2011/07/Affectiva_logo_JPG.jpg]
www.affectiva.comhttp://www.affectiva.com/
[http://www.snoitulosten.com/wp-content/uploads/2010/01/facebook-small.jpg]http://www.facebook.com/affectiva [http://www.snoitulosten.com/wp-content/uploads/2010/01/twitter-small.jpg] https://twitter.com/Affectiva [http://images4.wikia.nocookie.net/__cb20101115140837/finalfantasy/images/9/93/Youtube_icon_logo.gif] http://www.youtube.com/user/affectiva [http://brendanmitchell.files.wordpress.com/2009/03/blog-icon-200.png] http://www.affectiva.com/blog/ [http://www.itprosphilly.com/wp-content/uploads/2011/08/linkedin-icon-small.png] http://www.linkedin.com/company/affectiva_2 [http://www.thesimplerweb.com/wp-content/uploads/2012/08/google-plus-icon.jpg?cda6c1] https://plus.google.com/b/115885368219797754125/115885368219797754125/posts

LEGAL DISCLAIMER
This communication and any attached documents are strictly confidential and/or legally privileged and they may not be used or disclosed by someone who is not a named recipient. If you have received this electronic communication in error please notify the sender by replying to this electronic communication inserting the word “misdirected” as the subject and delete this communication from your system.


#6

I’ve had the same frustration with WinRM. There are a few things on the way
that should help:

  1.   This proposed change to the WinRM gem will allow for auth to work
    

correctly when using Windows as the client (e.g. running knife on Windows):

  1.   Automation of winrm ssl config to make winrm configuration behave
    

like ssh config with ssh-keygen, et al:
https://github.com/opscode/chef-rfc/blob/adamed/rfc-winrm-listener/rfc0002-winrm-listener.md,
https://github.com/opscode/chef-rfc/pull/4

You could play with #1 now - it’s being reviewed and tested at the moment
so we don’t have a version of knife integrated with it, you’d have to use
it directly.

#2 is being prototyped, comments welcome on the pull request.

-Adam

From: Florian Hehlen [mailto:Florian.Hehlen@mri-group.com]
Sent: Friday, March 21, 2014 10:28 AM
To: ‘adamed@getchef.com’; 'chef@lists.opscode.com’
Subject: RE: [chef] RE: Re: knife exit codes on windows?

Hi,

I have all but given up on WinRM. It is very temperamental, I find. I have
to admit that the environment I am in is a bit messy. Last year I got winrm
working on 95% of our hardware. Now we are moving to a new domain and there
I am incapable to get it to work. The old approach fails and any attempt to
follow online help with winrm has gone no-where.

Instead I use PsExec that is part of (
http://technet.microsoft.com/en-us/sysinternals/bb842062 ). It works pretty
well. PsExec only works over the company network… so that is probably a
limitation for some. Anyway, I have re-written all of my scripts based on
PsExec and it works pretty well.

I am thinking I could wrap this up into a gem but I have zero experience
with that… time is also an issue.

About windows exit codes… I have found a lot of cases where they are not
respected and you get a 0 exit code even though there was an error or vice
versa… it’s another real pain!

Cheers,

Florian

From: Adam Edwards [mailto:adamed@getchef.com adamed@getchef.com]
Sent: 11 February 2014 08:16
To: chef@lists.opscode.com
Subject: [chef] RE: Re: knife exit codes on windows?

In this case I wouldn’t blame WinRM - the knife plugin really should return
the exit code.

You can definitely get a true / false status of a remotely executed
command, though the process exit code for non-powershell cmdlets is
tricker. For example, $? is $true in the first success case below, $false
in the second:

Invoke-command {echo hi}

$? == $true

Invoke-command {throw ‘sad’}

$? == $false

Throwing an exception will cause invoke command to set $? to $false. Since
cmdlets only return $true or $false as an exit status, that’s as good as it
gets.

If you want to translate that into a process exit code, you can add logic
to your script to check $LASTEXITCODE. If you just want a failure status,
you can throw an exception. If you’d like the actual code, you’ll need to
do as suggested below - parse it, possibly by encoding all script output
as xml or json, or simply emitting the exit code as the last line of your
script.

Regarding the original issue, I would expect knife winrm to return a
nonzero exit code if the command it is executing fails.

-Adam

From: Larry Wright [mailto:larrywright@gmail.com]
Sent: Monday, February 10, 2014 7:54 PM
To: chef@lists.opscode.com
Subject: [chef] Re: knife exit codes on windows?

WinRM is… special. Ok, that’s being too nice. It’s an abomination, but it’s
all we have on Windows unless you want to install an SSH daemon. There is
not, as far as I can tell, any way to get the exit code of a process called
via WinRM. Your best bet is to parse the output, unless someone else knows
of something that I have overlooked.

Larry Wright

On Feb 10, 2014, at 9:17 AM, Brian Anderson brian.anderson@affectiva.com
wrote:

I feel like I’m missing something obvious here. No matter what happens in
the run, knife winrm always seems to return 0.

To demonstrate this I did a remote run of chef-client, calling an invalid
override run list.

First on linux:

[banderson@banderson ~ ] knife ssh -m linhost -x user -i key.pem "sudo chef-client --force-logger -l info -o recipe[nosuch::recipel]" [...] linhost [2014-02-10T09:57:56-05:00] FATAL: Chef::Exceptions::RecipeNotFound: could not find recipe fooszl for cookbook affdex [banderson@banderson ~ ] echo $?
1

Then Windows:

knife winrm -m winhost -x Administrator -P password “chef-client
–force-logger -l info -o recipe[affdex::fooszl]”
[…]
winhost [2014-02-10T09:58:33-05:00] FATAL:
Chef::Exceptions::RecipeNotFound: could not find recipe fooszl for cookbook
affdex
[banderson@banderson ~ ] echo ?
0

Then I tried using the --returns arg to knife winrm:

knife winrm --returns 0 -m winhost -x Administrator
-P password “chef-client --force-logger -l info -o recipe[affdex::fooszl]”
[…]
winhost [2014-02-10T09:59:03-05:00] FATAL:
Chef::Exceptions::RecipeNotFound: could not find recipe fooszl for cookbook
affdex
ERROR: Failed to execute command on winhost return code 1
[banderson@banderson ~ ] echo ?
0

Is there some way that I am missing to get knife winrm to return 1 when the
chef run fails, like knife ssh does?

Thanks,

Brian


Brian Anderson | Operations Engineer
Phone 781.696.1304
[image:
http://www.finsmes.com/wp-content/uploads/2011/07/Affectiva_logo_JPG.jpg]
www.affectiva.com
[image:
http://www.snoitulosten.com/wp-content/uploads/2010/01/facebook-small.jpg]http://www.facebook.com/affectiva
[image:
http://www.snoitulosten.com/wp-content/uploads/2010/01/twitter-small.jpg]https://twitter.com/Affectiva
[image:
http://images4.wikia.nocookie.net/__cb20101115140837/finalfantasy/images/9/93/Youtube_icon_logo.gif]http://www.youtube.com/user/affectiva
[image:
http://brendanmitchell.files.wordpress.com/2009/03/blog-icon-200.png]http://www.affectiva.com/blog/
[image:
http://www.itprosphilly.com/wp-content/uploads/2011/08/linkedin-icon-small.png]http://www.linkedin.com/company/affectiva_2
[image:
http://www.thesimplerweb.com/wp-content/uploads/2012/08/google-plus-icon.jpg?cda6c1]https://plus.google.com/b/115885368219797754125/115885368219797754125/posts

LEGAL DISCLAIMER
This communication and any attached documents are strictly confidential
and/or legally privileged and they may not be used or disclosed by someone
who is not a named recipient. If you have received this electronic
communication in error please notify the sender by replying to this
electronic communication inserting the word “misdirected” as the subject
and delete this communication from your system.


#7

We have WinRM enabled/configures using GPO, works everywhere. How are yall
handling it?

On Fri, Mar 21, 2014 at 11:10 AM, Adam Edwards adamed@getchef.com wrote:

I’ve had the same frustration with WinRM. There are a few things on the
way that should help:

  1.   This proposed change to the WinRM gem will allow for auth to
    

work correctly when using Windows as the client (e.g. running knife on
Windows): https://github.com/WinRb/WinRM/pull/62

  1.   Automation of winrm ssl config to make winrm configuration
    

behave like ssh config with ssh-keygen, et al:
https://github.com/opscode/chef-rfc/blob/adamed/rfc-winrm-listener/rfc0002-winrm-listener.md,
https://github.com/opscode/chef-rfc/pull/4

You could play with #1 now - it’s being reviewed and tested at the moment
so we don’t have a version of knife integrated with it, you’d have to use
it directly.

#2 is being prototyped, comments welcome on the pull request.

-Adam

From: Florian Hehlen [mailto:Florian.Hehlen@mri-group.com]
Sent: Friday, March 21, 2014 10:28 AM
To: ‘adamed@getchef.com’; 'chef@lists.opscode.com’
Subject: RE: [chef] RE: Re: knife exit codes on windows?

Hi,

I have all but given up on WinRM. It is very temperamental, I find. I have
to admit that the environment I am in is a bit messy. Last year I got winrm
working on 95% of our hardware. Now we are moving to a new domain and there
I am incapable to get it to work. The old approach fails and any attempt to
follow online help with winrm has gone no-where.

Instead I use PsExec that is part of (
http://technet.microsoft.com/en-us/sysinternals/bb842062 ). It works
pretty well. PsExec only works over the company network… so that is
probably a limitation for some. Anyway, I have re-written all of my scripts
based on PsExec and it works pretty well.

I am thinking I could wrap this up into a gem but I have zero experience
with that… time is also an issue.

About windows exit codes… I have found a lot of cases where they are not
respected and you get a 0 exit code even though there was an error or vice
versa… it’s another real pain!

Cheers,

Florian

From: Adam Edwards [mailto:adamed@getchef.com adamed@getchef.com]
Sent: 11 February 2014 08:16
To: chef@lists.opscode.com
Subject: [chef] RE: Re: knife exit codes on windows?

In this case I wouldn’t blame WinRM - the knife plugin really should
return the exit code.

You can definitely get a true / false status of a remotely executed
command, though the process exit code for non-powershell cmdlets is
tricker. For example, $? is $true in the first success case below, $false
in the second:

Invoke-command {echo hi}

$? == $true

Invoke-command {throw ‘sad’}

$? == $false

Throwing an exception will cause invoke command to set $? to $false. Since
cmdlets only return $true or $false as an exit status, that’s as good as it
gets.

If you want to translate that into a process exit code, you can add logic
to your script to check $LASTEXITCODE. If you just want a failure status,
you can throw an exception. If you’d like the actual code, you’ll need to
do as suggested below - parse it, possibly by encoding all script output
as xml or json, or simply emitting the exit code as the last line of your
script.

Regarding the original issue, I would expect knife winrm to return a
nonzero exit code if the command it is executing fails.

-Adam

From: Larry Wright [mailto:larrywright@gmail.com]
Sent: Monday, February 10, 2014 7:54 PM
To: chef@lists.opscode.com
Subject: [chef] Re: knife exit codes on windows?

WinRM is… special. Ok, that’s being too nice. It’s an abomination, but
it’s all we have on Windows unless you want to install an SSH daemon. There
is not, as far as I can tell, any way to get the exit code of a process
called via WinRM. Your best bet is to parse the output, unless someone else
knows of something that I have overlooked.

Larry Wright

On Feb 10, 2014, at 9:17 AM, Brian Anderson brian.anderson@affectiva.com
wrote:

I feel like I’m missing something obvious here. No matter what happens in
the run, knife winrm always seems to return 0.

To demonstrate this I did a remote run of chef-client, calling an invalid
override run list.

First on linux:

[banderson@banderson ~ ] knife ssh -m linhost -x user -i key.pem "sudo chef-client --force-logger -l info -o recipe[nosuch::recipel]" [...] linhost [2014-02-10T09:57:56-05:00] FATAL: Chef::Exceptions::RecipeNotFound: could not find recipe fooszl for cookbook affdex [banderson@banderson ~ ] echo $?
1

Then Windows:

knife winrm -m winhost -x Administrator -P password “chef-client
–force-logger -l info -o recipe[affdex::fooszl]”
[…]
winhost [2014-02-10T09:58:33-05:00] FATAL:
Chef::Exceptions::RecipeNotFound: could not find recipe fooszl for cookbook
affdex
[banderson@banderson ~ ] echo ?
0

Then I tried using the --returns arg to knife winrm:

knife winrm --returns 0 -m winhost -x Administrator
-P password “chef-client --force-logger -l info -o recipe[affdex::fooszl]”
[…]
winhost [2014-02-10T09:59:03-05:00] FATAL:
Chef::Exceptions::RecipeNotFound: could not find recipe fooszl for cookbook
affdex
ERROR: Failed to execute command on winhost return code 1
[banderson@banderson ~ ] echo ?
0

Is there some way that I am missing to get knife winrm to return 1 when
the chef run fails, like knife ssh does?

Thanks,

Brian


Brian Anderson | Operations Engineer
Phone 781.696.1304
[image:
http://www.finsmes.com/wp-content/uploads/2011/07/Affectiva_logo_JPG.jpg]
www.affectiva.com
[image:
http://www.snoitulosten.com/wp-content/uploads/2010/01/facebook-small.jpg]http://www.facebook.com/affectiva
[image:
http://www.snoitulosten.com/wp-content/uploads/2010/01/twitter-small.jpg]https://twitter.com/Affectiva
[image:
http://images4.wikia.nocookie.net/__cb20101115140837/finalfantasy/images/9/93/Youtube_icon_logo.gif]http://www.youtube.com/user/affectiva
[image:
http://brendanmitchell.files.wordpress.com/2009/03/blog-icon-200.png]http://www.affectiva.com/blog/
[image:
http://www.itprosphilly.com/wp-content/uploads/2011/08/linkedin-icon-small.png]http://www.linkedin.com/company/affectiva_2
[image:
http://www.thesimplerweb.com/wp-content/uploads/2012/08/google-plus-icon.jpg?cda6c1]https://plus.google.com/b/115885368219797754125/115885368219797754125/posts

LEGAL DISCLAIMER
This communication and any attached documents are strictly confidential
and/or legally privileged and they may not be used or disclosed by someone
who is not a named recipient. If you have received this electronic
communication in error please notify the sender by replying to this
electronic communication inserting the word “misdirected” as the subject
and delete this communication from your system.


#8

On Fri, Mar 21, 2014 at 4:24 PM, Kenneth Barry kbarry-x@tunein.com wrote:

We have WinRM enabled/configures using GPO, works everywhere. How are yall
handling it?

I’m running everything in EC2, so I have a windows base AMI that I launch
from that has winrm pre-configured. Any new instances launched from that
are ready to go.

Brian

http://www.facebook.com/affectiva https://twitter.com/Affectiva
http://www.youtube.com/user/affectiva
http://www.affectiva.com/blog/ http://www.linkedin.com/company/affectiva_2
https://plus.google.com/b/115885368219797754125/115885368219797754125/posts


#9

Kenneth,

You don’t happen to have any information/blog/RTFM on how you achieved this
in a domain environment w/ your GPOs do you? I’ve taken cursory looks at
getting this configured, but the domain always seemed to be a hindrance and
I’d like to start getting my Windows side into Chef as well.

On Tue, Mar 25, 2014 at 9:15 AM, Brian Anderson <
brian.anderson@affectiva.com> wrote:

On Fri, Mar 21, 2014 at 4:24 PM, Kenneth Barry kbarry-x@tunein.comwrote:

We have WinRM enabled/configures using GPO, works everywhere. How are
yall handling it?

I’m running everything in EC2, so I have a windows base AMI that I launch
from that has winrm pre-configured. Any new instances launched from that
are ready to go.

Brian

http://www.facebook.com/affectiva https://twitter.com/Affectiva http://www.youtube.com/user/affectiva
http://www.affectiva.com/blog/ http://www.linkedin.com/company/affectiva_2
https://plus.google.com/b/115885368219797754125/115885368219797754125/posts


#10

Lemme see what i can pull together on this.

On Tue, Mar 25, 2014 at 8:18 AM, Joseph Martin joseph.martin@gmail.comwrote:

Kenneth,

You don’t happen to have any information/blog/RTFM on how you achieved
this in a domain environment w/ your GPOs do you? I’ve taken cursory looks
at getting this configured, but the domain always seemed to be a hindrance
and I’d like to start getting my Windows side into Chef as well.

On Tue, Mar 25, 2014 at 9:15 AM, Brian Anderson <
brian.anderson@affectiva.com> wrote:

On Fri, Mar 21, 2014 at 4:24 PM, Kenneth Barry kbarry-x@tunein.comwrote:

We have WinRM enabled/configures using GPO, works everywhere. How are
yall handling it?

I’m running everything in EC2, so I have a windows base AMI that I launch
from that has winrm pre-configured. Any new instances launched from that
are ready to go.

Brian

http://www.facebook.com/affectiva https://twitter.com/Affectiva http://www.youtube.com/user/affectiva
http://www.affectiva.com/blog/ http://www.linkedin.com/company/affectiva_2
https://plus.google.com/b/115885368219797754125/115885368219797754125/posts


#11

http://powershell.org/wp/2012/08/06/ebook-secrets-of-powershell-remoting/

I know we used this as a reference. Its long, But you want the sectionst
hat starts on page 79 :slight_smile:

I’ll see if I can get a snapshot of the settings in the GPO we have that
handles this.

On Tue, Mar 25, 2014 at 12:17 PM, Kenneth Barry kbarry-x@tunein.com wrote:

Lemme see what i can pull together on this.

On Tue, Mar 25, 2014 at 8:18 AM, Joseph Martin joseph.martin@gmail.comwrote:

Kenneth,

You don’t happen to have any information/blog/RTFM on how you achieved
this in a domain environment w/ your GPOs do you? I’ve taken cursory looks
at getting this configured, but the domain always seemed to be a hindrance
and I’d like to start getting my Windows side into Chef as well.

On Tue, Mar 25, 2014 at 9:15 AM, Brian Anderson <
brian.anderson@affectiva.com> wrote:

On Fri, Mar 21, 2014 at 4:24 PM, Kenneth Barry kbarry-x@tunein.comwrote:

We have WinRM enabled/configures using GPO, works everywhere. How are
yall handling it?

I’m running everything in EC2, so I have a windows base AMI that I
launch from that has winrm pre-configured. Any new instances launched from
that are ready to go.

Brian

http://www.facebook.com/affectiva https://twitter.com/Affectiva http://www.youtube.com/user/affectiva
http://www.affectiva.com/blog/ http://www.linkedin.com/company/affectiva_2
https://plus.google.com/b/115885368219797754125/115885368219797754125/posts