Using Python to talk to the Chef server from Windows PE


#1

I have Python Windows install scripts that run in Windows PE. During a re-install (with the same machine name) the chef-client will fail since the client cert already exists. I am attempting to delete the client from the chef server during a re-install in Window PE.

Is there example code for making an API call to the Chef Server in Python 3.x from Window PE 3.0?

I found pychef (https://github.com/Scalr/pychef) that will delete the client key. The problem is that it required OpenSSL which in turn requires Visual C++ 2008 Redistributables (http://www.microsoft.com/en-us/download/details.aspx?id=29). I have been unsuccessful in getting the Visual C++ 2008 Redistributables loaded in Windows PE. I have tried just to copy the DLLs but that throws the following error.

The application failed to start because its side-by-side configuration is
incorrect. Please see the application event log or use the command-line
sxstrace.exe tool for more detail

Is there a way to get the Visual C++ 2008 Redistributables into Windows PE?

Alternatively, I found a RSA library (http://stuvel.eu/rsa) that is pure python. I made an attempt to use that library instead of OpenSSL by replacing the Key class.

import rsa

class Key(object):
def init(self, key):
if isinstance(key, str):
if key.startswith(’-----’):
# PEM formatted text
key_data = key
else:
key_data = open(key, ‘rb’).read()
else:
key_data = key.read()

    self.private_key = rsa.PrivateKey.load_pkcs1(key_data)

def private_encrypt(self, data):
    return rsa.encrypt(data.encode('utf-8'), self.private_key)

The code runs but I get back HTTP Error 401: Unauthorized.

Invalid signature for user or client 'testcert'

I don’t know too much about encryption so I assume I am just using the library wrong or need to change some setting. Will the pure python library work for talking to the Chef server? If so, what is the proper way to use it?

Thanks,
Jordan Wright


#2

Wright, Jordan M. Jordan.M.Wright@disney.com writes:

I have Python Windows install scripts that run in Windows PE. During a
re-install (with the same machine name) the chef-client will fail
since the client cert already exists. I am attempting to delete the
client from the chef server during a re-install in Window PE.

Is there example code for making an API call to the Chef Server in
Python 3.x from Window PE 3.0?

Is there a reason you need to script this from Pythin as opposed to
using Ruby and taking advantage of the libraries available via your
chef-client installation?

  • seth


Seth Falcon | Engineering Lead - Continuous Delivery | @sfalcon
CHEF | http://www.getchef.com/


#3

Mainly because my scripts are already written and working in Python. I also don’t think there is a way to install the chef-client in PE. I could copy the libraries over and see if they would work but I figured since the Chef Server API is just an HTTP endpoint it should be easy enough to make a call from Python.

Jordan

-----Original Message-----
From: Seth Falcon [mailto:seth@getchef.com]
Sent: Monday, May 26, 2014 4:52 PM
To: chef@lists.opscode.com
Subject: [chef] Re: Using Python to talk to the Chef server from Windows PE

Wright, Jordan M. Jordan.M.Wright@disney.com writes:

I have Python Windows install scripts that run in Windows PE. During a
re-install (with the same machine name) the chef-client will fail
since the client cert already exists. I am attempting to delete the
client from the chef server during a re-install in Window PE.

Is there example code for making an API call to the Chef Server in
Python 3.x from Window PE 3.0?

Is there a reason you need to script this from Pythin as opposed to
using Ruby and taking advantage of the libraries available via your
chef-client installation?

  • seth


Seth Falcon | Engineering Lead - Continuous Delivery | @sfalcon
CHEF | http://www.getchef.com/


#4

You would probably be best off compiling your own statically linked openssl DLL, but I have no idea how to do that. This should eventually get easier as I’ve been talking to the cryptography.io folks about getting status windows builds of that, which could then be used.

–Noah

On May 26, 2014, at 9:03 AM, “Wright, Jordan M.” Jordan.M.Wright@disney.com wrote:

I have Python Windows install scripts that run in Windows PE. During a re-install (with the same machine name) the chef-client will fail since the client cert already exists. I am attempting to delete the client from the chef server during a re-install in Window PE.

Is there example code for making an API call to the Chef Server in Python 3.x from Window PE 3.0?

I found pychef (https://github.com/Scalr/pychef) that will delete the client key. The problem is that it required OpenSSL which in turn requires Visual C++ 2008 Redistributables (http://www.microsoft.com/en-us/download/details.aspx?id=29). I have been unsuccessful in getting the Visual C++ 2008 Redistributables loaded in Windows PE. I have tried just to copy the DLLs but that throws the following error.

The application failed to start because its side-by-side configuration is
incorrect. Please see the application event log or use the command-line
sxstrace.exe tool for more detail

Is there a way to get the Visual C++ 2008 Redistributables into Windows PE?

Alternatively, I found a RSA library (http://stuvel.eu/rsa) that is pure python. I made an attempt to use that library instead of OpenSSL by replacing the Key class.

import rsa

class Key(object):
def init(self, key):
if isinstance(key, str):
if key.startswith(’-----’):
# PEM formatted text
key_data = key
else:
key_data = open(key, ‘rb’).read()
else:
key_data = key.read()

    self.private_key = rsa.PrivateKey.load_pkcs1(key_data)

def private_encrypt(self, data):
    return rsa.encrypt(data.encode('utf-8'), self.private_key)

The code runs but I get back HTTP Error 401: Unauthorized.

Invalid signature for user or client 'testcert'

I don’t know too much about encryption so I assume I am just using the library wrong or need to change some setting. Will the pure python library work for talking to the Chef server? If so, what is the proper way to use it?

Thanks,
Jordan Wright