Knife winrm does not show output after joining domain

Chef Infra (archive)
1

Initial run before joining domain runs and I can see output from chef workstation

 $ knife winrm -m ipaddress -x 'winrmuser' -P 'secret' chef-client 
<ipaddress> [2016-04-01T20:52:08+00:00] INFO: *** Chef 12.6.0 ***
<ipaddress> [2016-04-01T20:52:08+00:00] INFO: Chef-client pid: 1472

after the box gets renamed, attached to domain, and run stig gpos there is no more output unless I add -VV

$ knife winrm -m <ipaddress> -x 'Domain\admin' chef-client -VV
INFO: Using configuration from<path>.chef/knife.rb
DEBUG: Looking for key winrm_authentication_protocol and found value negotiate
DEBUG: Looking for key ca_trust_file and found value
DEBUG: Looking for key winrm_user and found value 'Domain\admin'
DEBUG: Looking for key winrm_authentication_protocol and found value negotiate
DEBUG: Looking for key winrm_transport and found value plaintext
DEBUG: Looking for key winrm_authentication_protocol and found value negotiate
DEBUG: Looking for key winrm_password and found value
DEBUG: Looking for key winrm_port and found value 5985
DEBUG: Looking for key session_timeout and found value 30
DEBUG: Looking for key session_timeout and found value 30
DEBUG: Looking for key winrm_authentication_protocol and found value negotiate
DEBUG: Looking for key winrm_transport and found value plaintext
DEBUG: Looking for key winrm_authentication_protocol and found value negotiate
DEBUG: Looking for key winrm_transport and found value plaintext
DEBUG: Looking for key winrm_authentication_protocol and found value negotiate
DEBUG: Looking for key ca_trust_file and found value
Enter your password:
DEBUG: Looking for key ca_trust_file and found value
DEBUG: Adding <ipaddress>
DEBUG: WinRM::WinRMWebService options: {:user=>"Domain\admin", :pass=>"secret", :basic_auth_only=>false, :disable_sspi=>false, :no_ssl_peer_verification=>false, :ca_trust_path=>nil}
DEBUG: Endpoint: http://<ipaddress>:5985/wsman
DEBUG: Transport: negotiate
DEBUG: chef-client
DEBUG: 10.8.62.230[932E49C8-B7FF-4110-9514-696CA84D3E2E] => :run_command[chef-client]
DEBUG: 10.8.62.230[932E49C8-B7FF-4110-9514-696CA84D3E2E] => :command_cleanup[chef-client]
DEBUG: 10.8.62.230[932E49C8-B7FF-4110-9514-696CA84D3E2E] => :shell_close

curious if there is something that can be configured on the node to show output again?

####Thanks

1 Like
2

Interesting. While the output of chef-client is missing, do you think it is running or immediately returning? Any info in the chef log? I’t would be interesting to see if this is specific to chef-client or winrm in general. Try just running ipconfig. Do you get output with that?

3

I think that’s a good idea. My suspicion would be that there’s a Group Policy Object that joining the domain caused to get applied to the node that changed something with regards to WinRM.

Nathan Clemons

DevOps Engineer

Moxie Cloud Services (MCS)

O +1.425.467.5075

M +1.360.861.6291

E nclemons@gomoxie.com

W www.gomoxie.comhttp://www.gomoxie.com/

4

Chef-client does seem to run, and not immediately return. It just has no output. A “powershell ls” or other commands do give output properly.

5

It seems that

knife winrm -m <ipaddress> -x '<username>' -P '<secret>' chef-client

does run, This is the log in the windows node

[2016-04-01T20:45:44+00:00] INFO: Chef Client Service initialized
[2016-04-01T20:45:49+00:00] INFO: Next chef-client run will happen in 0.8101451506118645 seconds
[2016-04-01T20:45:52+00:00] INFO: Reconfiguring with startup parameters
[2016-04-01T20:46:01+00:00] INFO: Chef-Client service is starting a chef-client run...
[2016-04-01T20:46:02+00:00] INFO: Starting chef-client in a new processns
[2016-04-01T20:46:07+00:00] WARN: Ohai::Config[:plugin_path] is set. Ohai::Config[:plugin_path] is deprecated and will be removed in future releases of ohai. Use ohai.plugin_path in your configuration file to configure :plugin_path for ohai.
[2016-04-01T20:46:10+00:00] INFO: *** Chef 12.6.0 ***
[2016-04-01T20:46:10+00:00] INFO: Chef-client pid: 2472
[2016-04-01T20:46:10+00:00] WARN: Ohai::Config[:plugin_path] is set. Ohai::Config[:plugin_path] is deprecated and will be removed in future releases of ohai. Use ohai.plugin_path in your configuration file to configure :plugin_path for ohai.
[2016-04-01T20:46:39+00:00] INFO: Run List is [recipe[windows_post_process], role[default]]
[2016-04-01T20:46:39+00:00] INFO: Run List expands to [windows_post_process, default]
[2016-04-01T20:46:39+00:00] INFO: Starting Chef Run for hostname
[2016-04-01T20:46:39+00:00] INFO: Running start handlers
[2016-04-01T20:46:39+00:00] INFO: Start handlers complete.
[2016-04-01T20:46:40+00:00] INFO: Loading cookbooks [build-essential@2.2.3, yum-epel@0.6.5, auth@0.1.0, apt@2.7.0, aws@2.7.2, chef-sugar@3.1.0, chef-vault@1.3.0, chef-client@4.3.0, chef_handler@1.1.8, chef-splunk@1.4.5, logrotate@1.9.1, iis@4.1.1, mysql@6.0.22, database@4.0.6, apache2@3.1.0, openssl@4.0.0, packagecloud@0.0.18, yum@3.6.0, php@1.5.0, rbac@1.0.3, push-jobs@2.2.0, postfix@3.7.0, runit@1.6.0, postgresql@3.4.20, yum-mysql-community@0.1.17, windows@1.38.3, xml@1.2.13, cron@1.6.2, smf@2.2.8, sudo@2.7.2, windows_ad@0.4.4, trend_agent@0.0.26, os@0.2.25, windows_post_process@0.1.0, ms_dotnet@2.6.1, powershell@3.2.3, -centrify@0.4.1, ohai@2.0.6, -repo@0.1.17, awsfs@1.0.14, ntp@1.8.7, epo@0.1.20, splunk@0.1.25, default@1.5.12, zabbix-pkg@0.1.4, tripwire@1.1.21]
[2016-04-01T20:46:43+00:00] WARN: The on_platforms option to node_map has been deprecated at C:/chef/cache/cookbooks/powershell/libraries/powershell_module_resource.rb:25:in `<class:PowershellModule>' at C:/opscode/chef/embedded/lib/ruby/gems/2.0.0/gems/chef-12.6.0-universal-mingw32/lib/chef/event_dispatch/dispatcher.rb:43:in `call'
[2016-04-01T20:46:43+00:00] WARN: The on_platforms option to node_map has been deprecated at C:/chef/cache/cookbooks/powershell/libraries/powershell_module_resource.rb:25:in `<class:PowershellModule>' at C:/opscode/chef/embedded/lib/ruby/gems/2.0.0/gems/chef-12.6.0-universal-mingw32/lib/chef/event_dispatch/dispatcher.rb:43:in `call'
[2016-04-01T20:46:43+00:00] WARN: Cannot specify both default and name_property together on property path of resource yum_globalconfig. Only one (name_property) will be obeyed. In Chef 13, this will become an error. at C:/chef/cache/cookbooks/yum/resources/globalconfig.rb:76:in `class_from_file' at C:/opscode/chef/embedded/lib/ruby/gems/2.0.0/gems/chef-12.6.0-universal-mingw32/lib/chef/event_dispatch/dispatcher.rb:43:in `call'
[2016-04-01T20:46:44+00:00] WARN: Cloning resource attributes for windows_task[chef-client] from prior resource (CHEF-3694)
[2016-04-01T20:46:44+00:00] WARN: Previous windows_task[chef-client]: C:/chef/cache/cookbooks/windows_post_process/recipes/default.rb:16:in `from_file'
[2016-04-01T20:46:44+00:00] WARN: Current  windows_task[chef-client]: C:/chef/cache/cookbooks/windows_post_process/recipes/default.rb:87:in `from_file'
[2016-04-01T20:46:44+00:00] INFO: ohai plugins will be at: C:/chef/ohai_plugins
[2016-04-01T20:46:44+00:00] INFO: Processing remote_directory[C:/chef/ohai_plugins for cookbook ohai] action create (ohai::default line 33)
[2016-04-01T20:46:44+00:00] INFO: Processing cookbook_file[C:/chef/ohai_plugins/vulnerabilities.rb] action create (dynamically defined)
[2016-04-01T20:46:44+00:00] INFO: Processing cookbook_file[C:/chef/ohai_plugins/packages.rb] action create (dynamically defined)
[2016-04-01T20:46:44+00:00] INFO: Processing cookbook_file[C:/chef/ohai_plugins/windows_packages.rb] action create (dynamically defined)
[2016-04-01T20:46:44+00:00] INFO: Processing cookbook_file[C:/chef/ohai_plugins/README] action create (dynamically defined)
[2016-04-01T20:46:44+00:00] INFO: Processing cookbook_file[C:/chef/ohai_plugins/_datacenter_id.rb] action create (dynamically defined)
[2016-04-01T20:46:44+00:00] INFO: Processing cookbook_file[C:/chef/ohai_plugins/windows_services.rb] action create (dynamically defined)
[2016-04-01T20:46:44+00:00] WARN: chef_gem[ruby-wmi] chef_gem compile_time installation is deprecated at C:/chef/cache/cookbooks/ohai/recipes/default.rb:52:in `from_file' at C:/opscode/chef/embedded/lib/ruby/gems/2.0.0/gems/chef-12.6.0-universal-mingw32/lib/chef/event_dispatch/dispatcher.rb:43:in `call'
[2016-04-01T20:46:44+00:00] WARN: chef_gem[ruby-wmi] Please set `compile_time false` on the resource to use the new behavior. at C:/chef/cache/cookbooks/ohai/recipes/default.rb:52:in `from_file' at C:/opscode/chef/embedded/lib/ruby/gems/2.0.0/gems/chef-12.6.0-universal-mingw32/lib/chef/event_dispatch/dispatcher.rb:43:in `call'
[2016-04-01T20:46:44+00:00] WARN: chef_gem[ruby-wmi] or set `compile_time true` on the resource if compile_time behavior is required. at C:/chef/cache/cookbooks/ohai/recipes/default.rb:52:in `from_file' at C:/opscode/chef/embedded/lib/ruby/gems/2.0.0/gems/chef-12.6.0-universal-mingw32/lib/chef/event_dispatch/dispatcher.rb:43:in `call'
[2016-04-01T20:46:44+00:00] INFO: Processing chef_gem[ruby-wmi] action install (ohai::default line 52)
[2016-04-01T20:46:47+00:00] INFO: Tmp folder determined to be [C:\Windows\TEMP]
[2016-04-01T20:46:47+00:00] INFO: Local file: C:\Windows\TEMP\ds_agent.msi
[2016-04-01T20:46:47+00:00] INFO: URL: http://repo...priv/repo/-custom/trend/ds_agent.msi
[2016-04-01T20:46:47+00:00] INFO: Processing chef_gem[aws-sdk] action install (aws::default line 20)
[2016-04-01T20:46:47+00:00] INFO: Processing windows_task[chef-client] action create (windows_post_process::default line 16)
[2016-04-01T20:46:48+00:00] INFO: Processing powershell_script[rename-computer] action run (windows_post_process::default line 35)
[2016-04-01T20:46:48+00:00] INFO: Processing powershell_script[Guard resource] action run (dynamically defined)
[2016-04-01T20:46:49+00:00] INFO: powershell_script[Guard resource] ran successfully
[2016-04-01T20:46:49+00:00] INFO: Processing reboot[Restart Computer] action nothing (windows_post_process::default line 51)
[2016-04-01T20:46:49+00:00] INFO: Processing powershell_script[check-domain] action run (windows_post_process::default line 57)
[2016-04-01T20:46:49+00:00] INFO: Processing powershell_script[Guard resource] action run (dynamically defined)
[2016-04-01T20:46:49+00:00] INFO: powershell_script[Guard resource] ran successfully
[2016-04-01T20:46:49+00:00] INFO: Processing powershell_script[add-service-user-to-local-group] action run (windows_post_process::default line 75)
[2016-04-01T20:46:49+00:00] INFO: Processing windows_task[chef-client] action delete (windows_post_process::default line 87)
[2016-04-01T20:46:50+00:00] INFO: Processing user[delete-temp-user] action remove (windows_post_process::default line 97)
[2016-04-01T20:46:50+00:00] INFO: Processing powershell_script[disable_windows_firewall] action run (windows_post_process::default line 114)
[2016-04-01T20:46:51+00:00] INFO: powershell_script[disable_windows_firewall] ran successfully
[2016-04-01T20:46:51+00:00] INFO: Processing breakpoint[C:/opscode/chef/embedded/lib/ruby/gems/2.0.0/gems/chef-12.6.0-universal-mingw32/lib/chef/resource_builder.rb:48:in `new'] action break (default::default line 9)
[2016-04-01T20:46:51+00:00] INFO: Processing breakpoint[C:/opscode/chef/embedded/lib/ruby/gems/2.0.0/gems/chef-12.6.0-universal-mingw32/lib/chef/resource_builder.rb:48:in `new'] action break (default::windows line 1)
[2016-04-01T20:46:51+00:00] INFO: Processing log[Configuring chef-client/ohai] action write (default::windows line 3)
[2016-04-01T20:46:51+00:00] INFO: Configuring chef-client/ohai
[2016-04-01T20:46:51+00:00] INFO: Processing directory[C:/chef/run] action create (chef-client::config line 53)
[2016-04-01T20:46:51+00:00] INFO: Processing directory[C:/chef/cache] action create (chef-client::config line 53)
[2016-04-01T20:46:51+00:00] INFO: Processing directory[C:/chef/backup] action create (chef-client::config line 53)
[2016-04-01T20:46:51+00:00] INFO: Processing directory[C:/chef/log] action create (chef-client::config line 53)
[2016-04-01T20:46:51+00:00] INFO: Processing directory[C:/chef] action create (chef-client::config line 53)
[2016-04-01T20:46:51+00:00] INFO: Processing file[C:/chef/log/client.log] action create (chef-client::config line 54)
[2016-04-01T20:46:51+00:00] WARN: Mode 640 includes bits for the owner, but owner is not specified
[2016-04-01T20:46:51+00:00] WARN: Mode 640 includes bits for the group, but group is not specified
[2016-04-01T20:46:51+00:00] INFO: Processing template[C:/chef/client.rb] action create (chef-client::config line 76)
[2016-04-01T20:46:51+00:00] INFO: Processing directory[C:/chef/client.d] action create (chef-client::config line 95)
[2016-04-01T20:46:51+00:00] INFO: Processing ruby_block[reload_client_config] action nothing (chef-client::config line 102)
[2016-04-01T20:46:51+00:00] INFO: Processing log[Configuring certs] action write (default::windows line 6)
[2016-04-01T20:46:51+00:00] INFO: Configuring certs
[2016-04-01T20:46:51+00:00] INFO: Processing cookbook_file[C:/chef/ca-bundle.crt] action create (os::certs_only line 7)
[2016-04-01T20:46:51+00:00] INFO: Processing execute[register-chef-service] action run (chef-client::windows_service line 32)
[2016-04-01T20:46:51+00:00] INFO: Processing windows_service[chef-client] action enable (chef-client::windows_service line 37)
[2016-04-01T20:46:51+00:00] INFO: Processing windows_service[chef-client] action start (chef-client::windows_service line 37)
[2016-04-01T20:46:51+00:00] INFO: Processing remote_directory[C:/chef/ohai_plugins for cookbook ohai] action nothing (ohai::default line 33)
[2016-04-01T20:46:51+00:00] INFO: Processing ohai[custom_plugins] action nothing (ohai::default line 47)
[2016-04-01T20:46:51+00:00] INFO: Processing chef_gem[ruby-wmi] action install (ohai::default line 52)
[2016-04-01T20:46:52+00:00] INFO: Processing log[Configuring push jobs] action write (default::windows line 15)
[2016-04-01T20:46:52+00:00] INFO: Configuring push jobs
[2016-04-01T20:46:52+00:00] INFO: Processing breakpoint[C:/opscode/chef/embedded/lib/ruby/gems/2.0.0/gems/chef-12.6.0-universal-mingw32/lib/chef/resource_builder.rb:48:in `new'] action break (default::windows line 20)
[2016-04-01T20:46:52+00:00] INFO: Processing log[Setting up splunk client] action write (default::windows line 21)
[2016-04-01T20:46:52+00:00] INFO: Setting up splunk client
[2016-04-01T20:46:52+00:00] INFO: Processing windows_service[SplunkForwarder] action nothing (splunk::windows_client line 24)
[2016-04-01T20:46:52+00:00] INFO: Processing windows_package[UniversalForwarder] action install (splunk::windows_client line 32)
[2016-04-01T20:46:52+00:00] INFO: Processing template[C:\Program Files\SplunkUniversalForwarder/etc/system/local/outputs.conf] action create (splunk::windows_client line 40)
[2016-04-01T20:46:52+00:00] WARN: Mode 644 includes bits for the owner, but owner is not specified
[2016-04-01T20:46:52+00:00] WARN: Mode 644 includes bits for the group, but group is not specified
[2016-04-01T20:46:52+00:00] INFO: Processing template[C:\Program Files\SplunkUniversalForwarder/etc/apps/SplunkUniversalForwarder/local/limits.conf] action create (splunk::windows_client line 47)
[2016-04-01T20:46:52+00:00] WARN: Mode 644 includes bits for the owner, but owner is not specified
[2016-04-01T20:46:52+00:00] WARN: Mode 644 includes bits for the group, but group is not specified
[2016-04-01T20:46:52+00:00] INFO: Processing execute[change-admin-user-password-from-default] action run (splunk::windows_client line 55)
[2016-04-01T20:46:52+00:00] INFO: Processing file[C:\Program Files\SplunkUniversalForwarder/etc/.setup_admin_password] action create (splunk::windows_client line 60)
[2016-04-01T20:46:52+00:00] INFO: Processing breakpoint[C:/opscode/chef/embedded/lib/ruby/gems/2.0.0/gems/chef-12.6.0-universal-mingw32/lib/chef/resource_builder.rb:48:in `new'] action break (default::windows line 26)
[2016-04-01T20:46:52+00:00] INFO: Processing log[Installing Trend Agent] action write (default::windows line 27)
[2016-04-01T20:46:52+00:00] INFO: Installing Trend Agent
[2016-04-01T20:46:52+00:00] INFO: Processing breakpoint[C:/opscode/chef/embedded/lib/ruby/gems/2.0.0/gems/chef-12.6.0-universal-mingw32/lib/chef/resource_builder.rb:48:in `new'] action break (default::windows line 31)
[2016-04-01T20:46:52+00:00] INFO: Processing log[Installing tripwire] action write (default::windows line 32)
[2016-04-01T20:46:52+00:00] INFO: Installing tripwire
[2016-04-01T20:46:52+00:00] INFO: Processing chef_gem[aws-sdk] action install (aws::default line 20)
[2016-04-01T20:46:52+00:00] INFO: Processing breakpoint[C:/opscode/chef/embedded/lib/ruby/gems/2.0.0/gems/chef-12.6.0-universal-mingw32/lib/chef/resource_builder.rb:48:in `new'] action break (default::windows line 35)
[2016-04-01T20:46:52+00:00] INFO: Processing log[Installing EPO] action write (default::windows line 36)
[2016-04-01T20:46:52+00:00] INFO: Installing EPO
[2016-04-01T20:46:52+00:00] INFO: Processing aws_s3_file[C:\chef\cache/CivEpoWin.exe] action create (epo::windows line 9)
[2016-04-01T20:46:52+00:00] WARN: C:/chef/cache/cookbooks/aws/providers/s3_file.rb:41:in `block in do_s3_file': property group is declared in both remote_file[C:\chef\cache/CivEpoWin.exe] and #<#<Class:0x442c068>:0x8810cb8>. Use new_resource.group instead. At C:/chef/cache/cookbooks/aws/providers/s3_file.rb:41:in `block in do_s3_file'
[2016-04-01T20:46:52+00:00] INFO: Processing remote_file[C:\chef\cache/CivEpoWin.exe] action create (C:/chef/cache/cookbooks/aws/providers/s3_file.rb line 37)
[2016-04-01T20:46:55+00:00] INFO: remote_file[C:\chef\cache/CivEpoWin.exe] created file C:\chef\cache/CivEpoWin.exe
[2016-04-01T20:46:56+00:00] INFO: remote_file[C:\chef\cache/CivEpoWin.exe] updated file contents C:\chef\cache/CivEpoWin.exe
[2016-04-01T20:46:56+00:00] INFO: Processing execute[C:\chef\cache/CivEpoWin.exe /install=agent /silent] action run (epo::windows line 17)
[2016-04-01T20:47:45+00:00] INFO: execute[C:\chef\cache/CivEpoWin.exe /install=agent /silent] ran successfully
[2016-04-01T20:47:45+00:00] INFO: Processing breakpoint[C:/opscode/chef/embedded/lib/ruby/gems/2.0.0/gems/chef-12.6.0-universal-mingw32/lib/chef/resource_builder.rb:48:in `new'] action break (default::windows line 39)
[2016-04-01T20:47:45+00:00] INFO: Processing log[Installing Centrify] action write (default::windows line 40)
[2016-04-01T20:47:45+00:00] INFO: Installing Centrify
[2016-04-01T20:47:45+00:00] INFO: Processing aws_s3_file[C:\chef\cache/Centrify Windows Agent64.msi] action create (-centrify::windows line 18)
[2016-04-01T20:47:45+00:00] WARN: C:/chef/cache/cookbooks/aws/providers/s3_file.rb:41:in `block in do_s3_file': property group is declared in both remote_file[C:\chef\cache/Centrify Windows Agent64.msi] and #<#<Class:0x442c068>:0x2ab0628>. Use new_resource.group instead. At C:/chef/cache/cookbooks/aws/providers/s3_file.rb:41:in `block in do_s3_file'
[2016-04-01T20:47:45+00:00] INFO: Processing remote_file[C:\chef\cache/Centrify Windows Agent64.msi] action create (C:/chef/cache/cookbooks/aws/providers/s3_file.rb line 37)
[2016-04-01T20:47:48+00:00] INFO: Starting audit phase
[2016-04-01T20:47:50+00:00] INFO: Successfully executed all `control_group` blocks and contained examples
[2016-04-01T20:47:50+00:00] INFO: 
Finished in 0 seconds (files took 1.42 seconds to load)
0 examples, 0 failures

but for some reason it just doesnt dislpay the chef run on STDOUT in the chef workstation

I can run other commands that will return output to STDOUT like:

knife winrm -m <ipaddress> -x '<username>' -P '<secret>' "powershell ls"
<ipaddress>
<ipaddress>
<ipaddress>     Directory: C:\
<ipaddress>
<ipaddress>
<ipaddress> Mode                LastWriteTime     Length Name
<ipaddress> ----                -------------     ------ ----
<ipaddress> d-r--         5/13/2014   8:02 PM            Contacts
<ipaddress> d-r--         5/13/2014   8:02 PM            Desktop
<ipaddress> d-r--          4/1/2016   8:31 PM            Documents
<ipaddress> d-r--         5/13/2014   8:02 PM            Downloads
<ipaddress> d-r--         5/13/2014   8:02 PM            Favorites
<ipaddress> d-r--         5/13/2014   8:02 PM            Links
<ipaddress> d-r--         5/13/2014   8:02 PM            Music
<ipaddress> d-r--         5/13/2014   8:02 PM            Pictures
<ipaddress> d-r--         5/13/2014   8:02 PM            Saved Games
<ipaddress> d-r--         5/13/2014   8:02 PM            Searches
<ipaddress> d-r--         5/13/2014   8:02 PM            Videos
<ipaddress>
<ipaddress>

Just fyi I am currently using the latest WinRM gem

$ chef gem list | grep winrm
winrm (1.7.0)
6

I think the domain join here may be a red herring. What I’d be willing to bet is happening is that your bootstrap adds a log_location to your client.rb. This will not only cause chef run output to log to that location but will suppress output to STDOUT unless in a tty. One unfortunate characteristic of a WinRM session is that it is NOT associated with a TTY in a console like SSH. So the checks that chef performs thinks that you are running in a headless mode.

You can get around this by removing the log location from your client.rb or you can create an alternate client.rb and use the -c argument of chef-client to point to it.

That feels like a pretty lame workaround so you may consider opening an issue regarding this on the chef repo.

7

You’re correct Matt. I was having the same issue. Removing log_location in client.rb did the trick.