Comments (17)
from kitchen-oci.
Hi @ehaselwanter, sorry for not getting back to you earlier.
I must confess that Windows support wasn't something I'd envisaged, so you may have to help me out a bit here. Could you clarify a little what you're looking for? Do you mean to say that you're running ChefDK on a Windows workstation and the plugin isn't working on the Windows client side, or is the problem to do with launching Windows instances in OCI? Could you describe what happens when you attempt to do whatever it is you're trying to do?
from kitchen-oci.
Hi @stephenpearson,
No problem. We are heavy users of kitchen-oci to test all our Linux boxes, so Chef code on Linux ... Currently we want to move our Windows workloads to OCI too. So it is about running the Chef code on Windows boxes in the cloud.
Maybe everything is already working and I just cannot figure out how to configure an example. In that case an example config would help.
cheers
Edmund
from kitchen-oci.
I think the problem may be that you have to use winrm rather than ssh if using the supplied Windows images. Normally (i.e. outside of Kitchen) the initial password for the opc user has to be retrieved from the API or console and then Windows forces a password change on first login. When running this using the winrm transport then I'm not sure how we would handle this inside the Kitchen driver.
Are you planning to use custom Windows images in Kitchen containing a fixed password?
from kitchen-oci.
@ehaselwanter I was able to make this work as follows:
First I had to make a custom Windows image from the standard Oracle provided Windows 2016 Server image. I reset the initial password for the opc user to something else. I then ensured that ports tcp/5985 and tcp/5986 were accessible through the Windows firewall and via the security list in OCI. Then I made sure that winrm was remotely accessible by running winrm quickconfig from a command session running as Administrator and accepting the prompts. Finally I shut the machine down, then clicked 'Stop' for the instance in the console, and then clicked 'Create Custom Image'.
When that was complete, I added the new image OCID into the following kitchen configuration file for my cookbook:
    ---
    driver:
      name: oci

    provisioner:
      name: chef_zero
      always_update_cookbooks: true

    verifier:
      name: inspec

    platforms:
      - name: windows
        os_type: windows
        driver:
          # These are mandatory
          compartment_id: ocid1.compartment.....
          availability_domain: ....
          image_id: ocid1.image.....
          shape: VM.Standard2.2
          subnet_id: ocid1.subnet....
          # These are optional
          use_private_ip: false
          oci_config_file: ~/.oci/config
          oci_profile_name: DEFAULT
          ssh_keypath: "~/.ssh/id_rsa.pub"
        transport:
          name: winrm
          username: opc
          password: "<redacted>"

    suites:
      - name: default
        run_list:
          - recipe[my_cookbook::default]
        verifier:
          inspec_tests:
            - test/smoke/default
        attributes:
I ran kitchen as follows:
[stephen@chef my_cookbook]$ kitchen converge
-----> Starting Kitchen (v1.24.0)
WARN: Unresolved specs during Gem::Specification.reset:
bundler (>= 1.10)
WARN: Clearing out unresolved specs.
Please report a bug if this causes problems.
-----> Creating <default-windows>...
[WinRM] Established
Finished creating <default-windows> (9m14.09s).
-----> Converging <default-windows>...
... etc ...
from kitchen-oci.
@stephenpearson that sounds great. Will test this in the upcoming days. We definitely should find a way of setting a (known) password during bootstrap / the API call. Will investigate that matter.
from kitchen-oci.
@stephenpearson do you see a way to provide a cloudinit.ps1 like shown in: https://github.com/terraform-providers/terraform-provider-oci/tree/master/docs/examples/compute/windows#what-this-example-covers
I guess something like https://github.com/test-kitchen/kitchen-ec2/blob/d2fd013073c2f51869776a628b7198b3b43f7dcb/lib/kitchen/driver/ec2.rb#L67
from kitchen-oci.
@ehaselwanter Thanks for those links. That approach may work, and I was looking at extending the .kitchen.yml file in this kind of way:

    user_data:
      - type: x-shellscript
        inline: |
          #!/bin/bash
          touch /tmp/foo.txt
        filename: init.sh

.. and since the Windows images now contain cloud-init then that ought to work for Powershell too. Unfortunately, so far I've not been able to inject the multipart-mime userdata into cloud-init successfully but I'll keep tinkering with it.
If this general approach does work, then using the examples you linked to it ought to be possible to enable winrm and set a password. If we did set the password this way then it would imply that the userdata would have to contain the password in plaintext (or base64 encoded), so not very secure but probably good enough for spinning up a temporary test environment.
from kitchen-oci.
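Added example (not part of the thread and not kitchen-oci's implementation): Ruby that builds multipart-MIME user data from the user_data layout proposed above, generates a random per-instance password, and shows that Base64-encoded user data gives the password back on decoding. The helper names, the init.ps1 part and its net user line are assumptions constructed for illustration.

```ruby
require 'base64'
require 'securerandom'

CHAR_SETS = [('a'..'z').to_a, ('A'..'Z').to_a, ('0'..'9').to_a, %w[! % + - _]].freeze

# Random password with at least one character from each class, drawn from
# the OS CSPRNG so every test instance gets a different credential.
def random_password(length = 20)
  pick = ->(set) { set[SecureRandom.random_number(set.size)] }
  chars = CHAR_SETS.map(&pick)
  chars << pick.call(CHAR_SETS.flatten) while chars.size < length
  chars.sort_by { SecureRandom.random_number }.join
end

# Hypothetical helper: turn a list of {type, filename, inline} parts into a
# cloud-init style multipart/mixed document.
def build_mime_user_data(parts, boundary = "==#{SecureRandom.hex(12)}==")
  body = parts.map do |part|
    ["--#{boundary}",
     "Content-Type: text/#{part[:type]}; charset=\"us-ascii\"",
     'MIME-Version: 1.0',
     'Content-Transfer-Encoding: 7bit',
     "Content-Disposition: attachment; filename=\"#{part[:filename]}\"",
     '', part[:inline], ''].join("\n")
  end
  ["Content-Type: multipart/mixed; boundary=\"#{boundary}\"",
   'MIME-Version: 1.0', '', *body, "--#{boundary}--", ''].join("\n")
end

# Review check: Base64 is an encoding, not encryption. Anyone who can read
# the instance metadata can decode it and read credential-setting lines.
def credential_lines(encoded_user_data)
  Base64.decode64(encoded_user_data).lines.map(&:strip)
        .grep(/password|net user/i)
end

# Constructed sample input following the user_data layout from the thread.
SAMPLE_PASSWORD = random_password
SAMPLE_PARTS = [{ type: 'x-shellscript', filename: 'init.ps1',
                  inline: "net user opc #{SAMPLE_PASSWORD}" }].freeze
SAMPLE_ENCODED = Base64.strict_encode64(build_mime_user_data(SAMPLE_PARTS))
puts credential_lines(SAMPLE_ENCODED)
```

The printed line is the full password-setting command, which is why the random value should live only as long as the temporary test instance.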
Great to hear. Yes, I agree. Not that secure, but at least not a hardcoded value in the image itself.
from kitchen-oci.
@ehaselwanter FYI, I think the above PR does what you want. If you pass setup_winrm: true in the driver config then it'll insert a PowerShell script to set up winrm and to set a new random password for the instance that doesn't need to be changed on first login. There is an example .kitchen.yml file in the README.md.
If there are no objections from anyone then I'll merge and publish this as version 1.5.0.
from kitchen-oci.
WOW! This sounds perfect! I'll test and report how it works :-) So all for it.
from kitchen-oci.
@stephenpearson would you mind merging/pushing it?
from kitchen-oci.
@ehaselwanter Ok, I've just made a few small refactoring changes to make Rubocop happy, so as soon as I've tested that then I'll merge and push it out.
from kitchen-oci.
No problem, no point waiting any longer to publish it. I'll assume it worked ok for you, if not then we can fix any bugs with a patch release.
from kitchen-oci.
@ehaselwanter FYI: I released version 1.5.0 onto rubygems.org
from kitchen-oci.
Tested it. Works great. I will open another feature request though. We would love to be able to specify a password to set instead of the random one. The use case is testing windows_task resources, which need to know the password in the Chef run. I have a workaround for it with lifecycle hooks. That does not feel right, but works.
from kitchen-oci.
That's great. I'll close this feature request and let you open another one to keep things separate.
from kitchen-oci.