Wednesday, May 17, 2017

chef: bootstrap windows servers.

NonCloud Machines

Prerequisites

  1.  If the user is not the built-in Administrator, give it full administrative rights by disabling UAC (the command below sets EnableLUA to 0), then reboot. Execute:

cmd> reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system /v EnableLUA /t REG_DWORD  /d 0 /f
cmd> shutdown -r

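  2.  Allow WinRM to execute commands remotely. These settings enable Basic authentication over unencrypted HTTP (port 5985), so credentials are not protected in transit; use them only on a trusted network. Execute: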

CALL winrm quickconfig -q
CALL winrm set winrm/config/winrs @{MaxMemoryPerShellMB="1024"}
CALL winrm set winrm/config @{MaxTimeoutms="1800000"}
CALL winrm set winrm/config/service @{AllowUnencrypted="true"}
CALL winrm set winrm/config/service/auth @{Basic="true"}
CALL netsh advfirewall firewall add rule name="WinRM 5985" protocol=TCP dir=in localport=5985 action=allow
CALL netsh advfirewall firewall add rule name="WinRM 5986" protocol=TCP dir=in localport=5986 action=allow
CALL net stop winrm
CALL net start winrm

Bootstrap standalone machine



cmd> knife bootstrap windows winrm someserver.somedomain.com -x 'somedomain\someuser' -P somePass -E tron-v2_stage -r 'recipe[somecookbook]'


AWS machine

  1. Add the content below to the CloudFormation "User Data":

"UserData": {
  "Fn::Base64": {
    "Fn::Join": ["", [
      "<script>", "\n",
      "netsh advfirewall set allprofiles state off", "\n",
      "REM Executing winrm commands", "\n",
      "CALL winrm quickconfig -q", "\n",
      "CALL winrm set winrm/config/winrs @{MaxMemoryPerShellMB=\"300\"}", "\n",
      "CALL winrm set winrm/config @{MaxTimeoutms=\"1800000\"}", "\n",
      "CALL winrm set winrm/config/service @{AllowUnencrypted=\"true\"}", "\n",
      "CALL winrm set winrm/config/service/auth @{Basic=\"true\"}", "\n",
      "CALL net stop winrm", "\n",
      "CALL net start winrm", "\n",
      "REM Chef client install", "\n",
      "powershell curl -OutFile 'C:/chef-client.msi' https://opscode-omnibus-packages.s3.amazonaws.com/windows/2008r2/x86_64/chef-client-12.18.12-1.msi", "\n",
      "msiexec.exe /passive /i C:\\chef-client.msi", "\n",
      "set PATH=%PATH%;C:\\opscode\\chef\\embedded\\bin;C:\\opscode\\chef\\bin", "\n",
      "powershell curl -OutFile 'C:/awscli.msi' https://s3.amazonaws.com/aws-cli/AWSCLI64.msi", "\n",
      "msiexec.exe /passive /i C:\\awscli.msi", "\n",
      "set PATH=%PATH%;C:\\Program Files\\Amazon\\AWSCLI\\", "\n",
      "CALL aws s3 cp s3://somebucket//validator.pem C:\\chef\\validation.pem", "\n",
      "CALL aws s3 cp s3://somebucket//client.rb C:\\chef\\client.rb", "\n",
      "chef-client -S https://chefserver.domain.com/organizations/someorg -E some_env -r 'recipe[somecookbook]'", "\n",
      "</script>", "\n"
    ]]
  }
}

Saturday, April 15, 2017

aws: boto3: volume snapshot and ami backup plus retention

About
The idea is to automate AMI and volume snapshot backups and to handle their retention based on instance tags.

Scripts
The scripts are on GitLab:
     https://gitlab.com/vickeyrihal/aws_snapshot_and_ami_retention 

Tuesday, January 3, 2017

Chef: databag: issues


Error1:
 chef (12.17.44)> klam_ssh_conf = Chef::EncryptedDataBagItem.load('hubvpc', 'prod_secrets', IO.read('/etc/chef/hubvpc_prod_key'))['klam']
 Chef::EncryptedDataBagItem::DecryptionFailure: Error decrypting data bag value: 'bad decrypt'. Most likely the provided key is incorrect.

Possible causes:
  1) The encryption key is wrong.
  2) The encryption key was corrupted during copy-paste, for example by added line endings (it will still work with knife, though).
       => Strip them:   $ cat enc.key | tr -d '\r\n' > enc_new.key
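
Why cause 2 produces 'bad decrypt', shown as an added Ruby example that is not part of the original post: a pasted CR/LF changes the derived AES key, and stripping it (the Ruby equivalent of the tr command above) restores decryption. It assumes Chef's version 1 encrypted data bag scheme (AES-256-CBC keyed with the SHA-256 digest of the secret string); the helper names, key and item values are constructed for illustration.

```ruby
require 'openssl'

# Assumption: key derivation as in Chef's version 1 encrypted data bag format,
# where the AES-256-CBC key is the SHA-256 digest of the secret string.
def derive_key(secret)
  OpenSSL::Digest::SHA256.digest(secret)
end

def encrypt(plaintext, secret)
  cipher = OpenSSL::Cipher.new('aes-256-cbc')
  cipher.encrypt
  cipher.key = derive_key(secret)
  iv = cipher.random_iv
  { iv: iv, data: cipher.update(plaintext) + cipher.final }
end

# Returns the decrypted bytes, or nil when OpenSSL rejects the padding,
# which is the condition Chef reports as 'bad decrypt'.
def decrypt(blob, secret)
  cipher = OpenSSL::Cipher.new('aes-256-cbc')
  cipher.decrypt
  cipher.key = derive_key(secret)
  cipher.iv = blob[:iv]
  cipher.update(blob[:data]) + cipher.final
rescue OpenSSL::Cipher::CipherError
  nil
end

# Report line-ending bytes that a copy-paste can add to a key file.
def key_file_problems(raw)
  problems = []
  problems << 'contains CR (\r)' if raw.include?("\r")
  problems << 'contains LF (\n)' if raw.include?("\n")
  problems
end

# Ruby equivalent of: cat enc.key | tr -d '\r\n' > enc_new.key
def clean_key(raw)
  raw.delete("\r\n")
end

# Constructed sample values, not real secrets.
GOOD_KEY   = 'Q29uc3RydWN0ZWRTYW1wbGVLZXk='
PASTED_KEY = GOOD_KEY + "\r\n" # what IO.read returns after a bad paste
PLAINTEXT  = '{"json_wrapper":"klam ssh config"}'
ITEM       = encrypt(PLAINTEXT, GOOD_KEY)

if __FILE__ == $PROGRAM_NAME
  puts "problems:           #{key_file_problems(PASTED_KEY).inspect}"
  puts "raw key decrypts:   #{decrypt(ITEM, PASTED_KEY) == PLAINTEXT}"
  puts "clean key decrypts: #{decrypt(ITEM, clean_key(PASTED_KEY)) == PLAINTEXT}"
end
```

Chef::EncryptedDataBagItem.load_secret strips surrounding whitespace from the file it reads, while a bare IO.read passes the stray bytes straight into the key derivation.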

=======================================================================