Ohai,
Just a quick update on our quest to deploy Windows Server 2012 on EC2.
As mentioned previously, we’ve given up on using WinRM due the bug with
quota management. So we’re using SSH instead and after some initial issues
everything is working now.
It does take quite a few modifications to the knife-ec2 & knife-windows
plugins in order to bootstrap on EC2 using plain knife:
Hopefully these will be resolved soon. I’ll probably write up a blog post
at some point with our findings…
/Jeppe
Thanks for the summary Jeppe. KNIFE-286 should be addressed in master today and the ticket will be updated, and there are a few other fixes going into knife-windows. I’d like to release that set of changes as soon as possible, I’ll give an update on Wednesday once we’re firm on the timeline for release, and whether we include the other 3 you list below. Normally I would rather wait on those, but they completely block the ssh scenarios.
Regarding Server 2012, I’d like to be clear on what’s blocked - is it bootstrap that’s failing or recipes that require more quota (e.g. Sql server)? I would not expect the former since we found that a while ago and worked around it. For the latter, is the scheduled task workaround an option?
-Adam
From: Jeppe Nejsum Madsen <jeppe@ingolfs.dkmailto:jeppe@ingolfs.dk>
Reply-To: "chef@lists.opscode.commailto:chef@lists.opscode.com" <chef@lists.opscode.commailto:chef@lists.opscode.com>
Date: Monday, June 10, 2013 5:12 AM
To: "chef@lists.opscode.commailto:chef@lists.opscode.com" <chef@lists.opscode.commailto:chef@lists.opscode.com>
Subject: [chef] Windows Blues, part 2
Ohai,
Just a quick update on our quest to deploy Windows Server 2012 on EC2.
As mentioned previously, we’ve given up on using WinRM due the bug with quota management. So we’re using SSH instead and after some initial issues everything is working now.
It does take quite a few modifications to the knife-ec2 & knife-windows plugins in order to bootstrap on EC2 using plain knife:
Hopefully these will be resolved soon. I’ll probably write up a blog post at some point with our findings…
/Jeppe
On Mon, Jun 10, 2013 at 3:57 PM, Adam Edwards adamed@opscode.com wrote:
Thanks for the summary Jeppe. KNIFE-286 should be addressed in master
today and the ticket will be updated, and there are a few other fixes going
into knife-windows. I'd like to release that set of changes as soon as
possible, I'll give an update on Wednesday once we're firm on the timeline
for release, and whether we include the other 3 you list below. Normally I
would rather wait on those, but they completely block the ssh scenarios.
Sounds good! Agree that it seems as if SSH doesn't currently work with
Windows.
Regarding Server 2012, I'd like to be clear on what's blocked — is it
bootstrap that's failing or recipes that require more quota (e.g. Sql
server)? I would not expect the former since we found that a while ago and
worked around it. For the latter, is the scheduled task workaround an
option?
Bootstrap worked (with the patches mentioned previously), it was the quota
management that hit us. I haven't tried the scheduled tasks but did try the
PsExec workaround and that worked. We just decided that it was not a
sustainable solution, as basically we would have to do it on many recipes.
Ie. initially we only observed the problem with SQL Server, so we added
PsExec to this recipe. Then we found out that running all the recipes in
the run_list would cause some powershell scripts to fail in mysterious ways
(but not when running only this recipe). Adding PsExec here also solved the
problem.
/Jeppe
Thanks for the details Jeppe. One more question on 2k12: if MSFT gets the quota bug fixed soon, will you be able get back on the wagon using Win2k12?
Thanks.
-Adam
From: Jeppe Nejsum Madsen <jeppe@ingolfs.dkmailto:jeppe@ingolfs.dk>
Reply-To: "chef@lists.opscode.commailto:chef@lists.opscode.com" <chef@lists.opscode.commailto:chef@lists.opscode.com>
Date: Monday, June 10, 2013 7:28 AM
To: "chef@lists.opscode.commailto:chef@lists.opscode.com" <chef@lists.opscode.commailto:chef@lists.opscode.com>
Subject: [chef] Re: Re: Windows Blues, part 2
On Mon, Jun 10, 2013 at 3:57 PM, Adam Edwards <adamed@opscode.commailto:adamed@opscode.com> wrote:
Thanks for the summary Jeppe. KNIFE-286 should be addressed in master today and the ticket will be updated, and there are a few other fixes going into knife-windows. I’d like to release that set of changes as soon as possible, I’ll give an update on Wednesday once we’re firm on the timeline for release, and whether we include the other 3 you list below. Normally I would rather wait on those, but they completely block the ssh scenarios.
Sounds good! Agree that it seems as if SSH doesn’t currently work with Windows.
Regarding Server 2012, I’d like to be clear on what’s blocked - is it bootstrap that’s failing or recipes that require more quota (e.g. Sql server)? I would not expect the former since we found that a while ago and worked around it. For the latter, is the scheduled task workaround an option?
Bootstrap worked (with the patches mentioned previously), it was the quota management that hit us. I haven’t tried the scheduled tasks but did try the PsExec workaround and that worked. We just decided that it was not a sustainable solution, as basically we would have to do it on many recipes.
Ie. initially we only observed the problem with SQL Server, so we added PsExec to this recipe. Then we found out that running all the recipes in the run_list would cause some powershell scripts to fail in mysterious ways (but not when running only this recipe). Adding PsExec here also solved the problem.
/Jeppe
On Mon, Jun 10, 2013 at 5:53 PM, Adam Edwards adamed@opscode.com wrote:
Thanks for the details Jeppe. One more question on 2k12: if MSFT gets
the quota bug fixed soon, will you be able get back on the wagon using
Win2k12?
Actually, the current setup using SSH seems to work even if it takes some
extra work. We now have a Win2k12 EC2 AMI that includes FreeSSHD and
haven't had any issues (sans the tickets I mentioned 
Winrm does seem like a more natural fit in windows however and would allow
us to use clean Amazon AMIs. But to be frank, it also seems like an area
that doesn't get so much attention on the chef side ;-(
/Jeppe
I think the issues with winrm involve authentication - right now, ntlm / kerberos support is spotty at best on various operating systems, usually you have to resort to basic to get things to work. There’s work going on in Chef and gems used for WinRM to get past this, since the status quo is not acceptable.
Outside of that strange behavior, we’re trying to be more WinRM friendly, releasing support for winrm bootstrapping for openstack and ec2 earlier this year, for instance. It’s a good path as you say if you want to use “clean” AMI’s or you’re in a system where you can’t customize the image but you can get winrm access.
-Adam
From: Jeppe Nejsum Madsen <jeppe@ingolfs.dkmailto:jeppe@ingolfs.dk>
Reply-To: "chef@lists.opscode.commailto:chef@lists.opscode.com" <chef@lists.opscode.commailto:chef@lists.opscode.com>
Date: Monday, June 10, 2013 12:56 PM
To: "chef@lists.opscode.commailto:chef@lists.opscode.com" <chef@lists.opscode.commailto:chef@lists.opscode.com>
Subject: [chef] Re: Re: Re: Re: Windows Blues, part 2
On Mon, Jun 10, 2013 at 5:53 PM, Adam Edwards <adamed@opscode.commailto:adamed@opscode.com> wrote:
Thanks for the details Jeppe. One more question on 2k12: if MSFT gets the quota bug fixed soon, will you be able get back on the wagon using Win2k12?
Actually, the current setup using SSH seems to work even if it takes some extra work. We now have a Win2k12 EC2 AMI that includes FreeSSHD and haven’t had any issues (sans the tickets I mentioned 
Winrm does seem like a more natural fit in windows however and would allow us to use clean Amazon AMIs. But to be frank, it also seems like an area that doesn’t get so much attention on the chef side ;-(
/Jeppe