Question about using databag and also about using Ohai in recipe?

Hi,

I’m still really new with Chef and kind of struggling with some of the concepts and tools, but I currently have a test/experimental cookbook recipe that does dcpromo on a Windows server, i.e., it turns the Windows server into a domain controller.

This recipe uses information from a databag to get the domain name (and the netbios name) and the admin password from a databag.

The data in databag currently looks like:

{
  "id": "main",
  "domain_name": "whatever.com",
  "domain_netbios_name": "whatever",
  "admin_password": "Pxxxxx"
}

For a test environment I’m trying to set up, I actually need to AD-enable several domain controllers, so I’ve been trying to think of how to extend what I’ve done with Chef thus far, so that I could have one cookbook/recipe that would be able to do that.

I’m thinking that maybe I could have information for multiple domains in the databag, something like:

{

  {
    "id": "main",
    "domain_name": "whatever.com",
    "domain_netbios_name": "whatever",
    "admin_password": "Pxxxxx"
  },

  {
    "id": "whatever1",
    "domain_name": "whatever1.com",
    "domain_netbios_name": "whatever1",
    "admin_password": "Pxxxxx"
  },

  {
    "id": "whatever2",
    "domain_name": "whatever2.com",
    "domain_netbios_name": "whatever2",
    "admin_password": "Pxxxxx"
  }

}

and then, in the recipe, load the databag/item using ohai 'node['hostname']', instead of the hard-coded 'main'.

In other words, instead of having:

begin
  dcpromote = Chef::DataBagItem.load('dcpromote', 'main')
rescue
  Chef::Log.fatal("Could not find the 'main' item in the 'dcpromote' data bag - Raising fatal error!!")
  raise
end

I’d have:

begin
  dcpromote = Chef::DataBagItem.load('dcpromote', node['hostname'])
rescue
  # Report the item that was actually requested, not the old hard-coded 'main'
  Chef::Log.fatal("Could not find the '#{node['hostname']}' item in the 'dcpromote' data bag - Raising fatal error!!")
  raise
end

Is that the correct way to get the (short) hostname from ohai? And, overall, would the approach that I’ve described above work?

Is there maybe a better way to do this (using Chef)? At one point, I was thinking of using roles, but then it seemed like I’d end up having to create one role for each of the specific domain controller nodes?

Thanks,
Jim

Jim,

I'd recommend looking at the Windows_AD cookbook:

While they don't use data bags, you could easily pass in items to the
resources to handle multiple domains. Or, use a data bag to loop through
the various domains and make it happen.

On Sat, Jun 20, 2015 at 9:29 PM, o haya ohaya@yahoo.com wrote:

Hi,

I'm still really new with Chef and kind of struggling with some of the
concepts and tools, but I currently have a test/experimental cookbook
recipe that does dcpromo on a Windows server, i.e., it turns the Windows
server into a domain controller.

This recipe uses information from a databag to get the domain name (and
the netbios name) and the admin password from a databag.

The data in databag currently looks like:

{
"id": "main",
"domain_name": "whatever.com",
"domain_netbios_name": "whatever",
"admin_password": "Pxxxxx"
}

For a test environment I'm trying to set up, I actually need to AD-enable
several domain controllers, so I've been trying to think of how to extend
what I've done with Chef thus far, so that I could have one cookbook/recipe
that would be able to do that.

I'm thinking that maybe I could have information for multiple domains in
the databag, something like:

{

{
"id": "main",
"domain_name": "whatever.com",
"domain_netbios_name": "whatever",
"admin_password": "Pxxxxx"
},

{
"id": "whatever1",
"domain_name": "whatever1.com",
"domain_netbios_name": "whatever1",
"admin_password": "Pxxxxx"
},

{
"id": "whatever2",
"domain_name": "whatever2.com",
"domain_netbios_name": "whatever2",
"admin_password": "Pxxxxx"
}

}

and then, in the recipe, load the databag/item using ohai
'node['hostname']', instead of the hard-coded 'main'.

In other words, instead of having:

begin
  dcpromote = Chef::DataBagItem.load('dcpromote', 'main')
rescue
  Chef::Log.fatal("Could not find the 'main' item in the 'dcpromote' data bag - Raising fatal error!!")
  raise
end

I'd have:

begin
  dcpromote = Chef::DataBagItem.load('dcpromote', node['hostname'])
rescue
  # Report the item that was actually requested, not the old hard-coded 'main'
  Chef::Log.fatal("Could not find the '#{node['hostname']}' item in the 'dcpromote' data bag - Raising fatal error!!")
  raise
end

Is that the correct way to get the (short) hostname from ohai? And,
overall, would the approach that I've described above work?

Is there maybe a better way to do this (using Chef)? At one point, I was
thinking of using roles, but then it seemed like I'd end up having to
create one role for each of the specific domain controller nodes?

Thanks,
Jim

--
Galen Emery — Automation Engineer

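The per-hostname lookup discussed in this thread, as an added example that is not part of the original messages or of any cookbook: plain Ruby that keeps one item per domain controller (in Chef each data bag item is its own JSON document identified by "id"), fails closed when a host has no item, and flags an admin_password stored in plaintext rather than as an encrypted data bag value. The hostnames dc01/dc02, the load_item stand-in for Chef::DataBagItem.load, and the sample ciphertext are assumptions constructed for illustration.

```ruby
require 'json'

# Constructed sample items, one JSON document per item, ids are short hostnames.
# dc01 keeps the password in plaintext; dc02 uses the encrypted-item value layout.
ITEMS_JSON = {
  'dc01' => '{"id":"dc01","domain_name":"whatever1.com",' \
            '"domain_netbios_name":"whatever1","admin_password":"Pxxxxx"}',
  'dc02' => '{"id":"dc02","domain_name":"whatever2.com",' \
            '"domain_netbios_name":"whatever2","admin_password":' \
            '{"encrypted_data":"Q29uc3RydWN0ZWQ=","iv":"AAAA","version":1,"cipher":"aes-256-cbc"}}'
}.freeze

REQUIRED_KEYS = %w[domain_name domain_netbios_name admin_password].freeze
SECRET_KEYS   = %w[admin_password].freeze

# Hypothetical stand-in for Chef::DataBagItem.load('dcpromote', hostname),
# so the example runs without a Chef server.
def load_item(hostname)
  raw = ITEMS_JSON.fetch(hostname) do
    raise KeyError, "no '#{hostname}' item in the 'dcpromote' data bag"
  end
  JSON.parse(raw)
end

# Assumption: an encrypted data bag value is a hash carrying
# encrypted_data, iv and cipher (version 1 and later layouts).
def encrypted_value?(value)
  value.is_a?(Hash) && %w[encrypted_data iv cipher].all? { |k| value.key?(k) }
end

# Returns a list of problems for one item; an empty list means it is usable.
def audit_item(item)
  problems = REQUIRED_KEYS.reject { |k| item.key?(k) }.map { |k| "missing key: #{k}" }
  SECRET_KEYS.each do |k|
    problems << "plaintext secret: #{k}" if item.key?(k) && !encrypted_value?(item[k])
  end
  problems
end

# Looks up the item for a node's short hostname and audits it.
def audit_host(hostname)
  audit_item(load_item(hostname))
rescue KeyError => e
  [e.message]
end

%w[dc01 dc02 dc99].each { |h| puts "#{h}: #{audit_host(h).inspect}" }
```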