Tips and Tricks for Automating Windows
Doug Ireton
Infrastructure Engineering
@dougireton / dougireton.com
Who am I?
• Infrastructure Engineer at Nordstrom
• I’ve been a tester, a developer and a sysadmin
• Working with Windows for 20 years
Who are you?
Agenda
• About Nordstrom
• A challenging first project
• What we’ve learned from automating Windows
• Twitter: #chefconf #winchef
Brick and Mortar still critical
A complex first project...
With Good Results...
Our First Real Chef Project
• Manual Steps: 48 -> 5
• Team Handoffs: 15 -> 1
• Provision Time: 22 hours -> 7
No Run As image
We Didn’t Have Run As
Fast-Forward to...
“I’ve noticed a considerable reduction in deployment time from base OS to fully functional app server. We are also deploying a more consistent product to our customers now due to the automated configuration management.”
- Harvey Bendana
Nordstrom WebOps team
Windows Cookbook Helpers
win_friendly_path()
# include Windows::Helper from Opscode Windows Cookbook
::Chef::Recipe.send(:include, Windows::Helper)

# now you can call helper methods like win_friendly_path directly
my_batch_file = win_friendly_path('c:/temp/foo.bat')

execute "My batch file" do
  command my_batch_file  # c:\temp\foo.bat
end
locate_sysnative_cmd() helper for 64-bit Windows
# include Windows::Helper from Opscode Windows Cookbook
::Chef::Recipe.send(:include, Windows::Helper)

locate_sysnative_cmd("dism.exe")
Run Commands As Another User
“The system uses shared-key encryption. An encrypted file can only be decrypted by a node or a user with the same shared-key.”
http://docs.opscode.com/essentials_data_bags_encrypt.html
Encrypted Data Bags
“That’s why storing encryption keys on the same system
where the protected data resides violates all of the core
principles of data protection.”
- Patrick Townsend
Townsend Security
http://web.townsendsecurity.com/bid/23881/PCI-DSS-2-0-and-Encryption-Key-Management
http://www.flickr.com/photos/gtarded/2759499462/sizes/l/
Chef-Vault
knife encrypt password
Use this knife command to encrypt the username and password that
you want to protect.
$ knife encrypt password --search "role:web_server" \
    --username "mysql_user" --password "P@ssw0rd" \
    --admins "alice, bob, carol"
Securely manage passwords for Run As
chef_gem "chef-vault"

require 'chef-vault'

# given a 'passwords' data bag
vault = ChefVault.new("passwords")

# get the 'mysql_user' data bag item
user = vault.user("mysql_user")

# decrypt the user's password
password = user.decrypt_password
# do something with password
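Where an encrypted data bag depends on one shared key, Chef-Vault grants access per recipient: the nodes matched by --search and the users listed in --admins. The following added Ruby example shows the general envelope-encryption pattern behind that kind of per-recipient access; it is not chef-vault's own code or storage format, and the names web01, alice and db01 are constructed.

```ruby
require 'openssl'

# Added illustration, not chef-vault's code or storage format.
# The secret is encrypted once with a random AES key; that AES key is then
# wrapped separately with the RSA public key of every authorised recipient.
module EnvelopeDemo
  OAEP = OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING

  def self.enc(bytes)
    [bytes].pack('m0') # strict base64, no newlines
  end

  def self.dec(text)
    text.unpack1('m0')
  end

  # recipients maps a name to that recipient's RSA public key.
  def self.seal(item_id, secret, recipients)
    cipher = OpenSSL::Cipher.new('aes-256-gcm').encrypt
    data_key = cipher.random_key
    iv = cipher.random_iv
    cipher.auth_data = item_id # bind the ciphertext to the item name
    ciphertext = cipher.update(secret) + cipher.final
    {
      'id'   => item_id,
      'iv'   => enc(iv),
      'tag'  => enc(cipher.auth_tag),
      'data' => enc(ciphertext),
      'keys' => recipients.transform_values { |pub| enc(pub.public_encrypt(data_key, OAEP)) }
    }
  end

  # Unwrap the data key with the caller's own private key, then decrypt.
  # Raises KeyError when no key was ever wrapped for `name`.
  def self.unseal(item, name, private_key)
    wrapped = item['keys'].fetch(name)
    data_key = private_key.private_decrypt(dec(wrapped), OAEP)
    decipher = OpenSSL::Cipher.new('aes-256-gcm').decrypt
    decipher.key = data_key
    decipher.iv = dec(item['iv'])
    decipher.auth_tag = dec(item['tag'])
    decipher.auth_data = item['id']
    (decipher.update(dec(item['data'])) + decipher.final).force_encoding('UTF-8')
  end

  def self.demo
    # Constructed names: web01 stands for a node matched by the knife search,
    # alice for an admin, db01 for a node that was not granted access.
    keys = %w[web01 alice db01].map { |n| [n, OpenSSL::PKey::RSA.new(2048)] }.to_h
    granted = { 'web01' => keys['web01'].public_key,
                'alice' => keys['alice'].public_key }
    item = seal('mysql_user', 'P@ssw0rd', granted)

    # db01 has no wrapped key in the item at all.
    outsider = begin
      unseal(item, 'db01', keys['db01'])
    rescue KeyError
      :no_wrapped_key
    end

    # web01's wrapped key is useless without web01's private key.
    relabelled = item.merge('keys' => { 'db01' => item['keys']['web01'] })
    wrong_key = begin
      unseal(relabelled, 'db01', keys['db01'])
    rescue OpenSSL::OpenSSLError
      :unwrap_failed
    end

    {
      node: unseal(item, 'web01', keys['web01']),
      admin: unseal(item, 'alice', keys['alice']),
      outsider: outsider,
      wrong_key: wrong_key,
      recipients: item['keys'].keys.sort
    }
  end
end

puts EnvelopeDemo.demo.inspect if __FILE__ == $PROGRAM_NAME
```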
Run Commands as Another User
ruby_block "Add server to WSUS group" do
  block do
    Chef::Resource::RubyBlock.send(:include, Chef::Mixin::ShellOut)

    # get password from Chef-Vault
    # (`user` is the Chef-Vault item loaded on the previous slide)
    password = user.decrypt_password

    add_group = shell_out(
      "dsquery.exe computer -name #{ node['hostname'] } | dsmod group 'cn=patch_Tuesday,dc=mycorp,dc=com' -addmbr",
      {
        :user     => "my_user",
        :password => password,
        :domain   => "mycorp.com",
      }
    )
  end
end
Managing Devices
Manage disks, partitions, and drives
# Use Kevin Moser’s diskpart cookbook

diskpart_partition "create_#{disk[:letter]}:/" do
  disk_number disk[:number]
  letter disk[:letter]
  action :create
end

diskpart_partition "format_#{disk[:letter]}:/" do
  disk_number disk[:number]
  letter disk[:letter]
  action :format
end
Manage Printers and Printer Ports
# https://github.com/opscode-cookbooks/windows

# create a printer
windows_printer 'HP LaserJet 5th Floor' do
  driver_name 'HP LaserJet 4100 Series PCL6'
  ipv4_address '10.4.64.38'
end
Better Performance
Chef 11: Ruby Performance Improvements
30 - 50% faster Chef Client Run time
on Windows
Ohai Plugins to Disable on Windows
Ohai::Config[:disabled_plugins] = [
# The following plugins are disabled as they are either not needed,
# have poor performance, or do not apply to the Windows configuration
# we use.

  "c", "cloud", "ec2", "rackspace", "eucalyptus", "command", "dmi",
  "dmi_common", "erlang", "groovy", "ip_scopes", "java", "keys",
  "lua", "mono", "network_listeners", "passwd", "perl",
  "php", "python", "ssh_host_key", "uptime", "virtualization",
  "windows::virtualization", "windows::kernel_devices"
]
Summary
Chef-Vault and Run As
moserke / chef-vault
Securely store and retrieve certificates and service acct passwords
opscode / mixlib-shellout
Run commands as another user
Manage disks and printers
moserke / diskpart-cookbook
opscode-cookbooks / windows v1.8.2 has Printer/Printer Port LWRPs
Performance Improvements
http://wiki.opscode.com/display/chef/Disabling+Ohai+Plugins
Call to Action
• IIS cookbook not idempotent for options
• Better bootstrapping using Kerberos
• Better integration with Active Directory
Will you join us?
http://bit.ly/infeng
Go to Adam Edward’s talk right after this
• “Cooking on Windows without the Windows Cookbook”
• Seacliff A,B,C,D
http://www.flickr.com/photos/drachmann/327122302/sizes/l/
Photo Credits
1. Slide 3: http://www.flickr.com/photos/benedictineuniversity/6021873707/sizes/l/
2. Slide 4: http://www.flickr.com/photos/kubina/278696130/sizes/l/
3. Slide 7: http://www.flickr.com/photos/orlando-herb/8167991591/sizes/l/
4. Slide 9: http://www.flickr.com/photos/ejbsf/8609182524/sizes/h/
5. Slide 10: http://www.flickr.com/photos/ashley-rly/3768328487/sizes/l/
