From 806712b6f91adaa37ee7b8bd4b641f697b5c8e82 Mon Sep 17 00:00:00 2001 From: Derek Groh Date: Thu, 4 Mar 2021 10:42:45 -0600 Subject: [PATCH 01/73] resource cleanup --- resources/computer.rb | 18 ++++++++---------- resources/contact.rb | 2 -- resources/domain.rb | 30 +++++++++--------------------- resources/group.rb | 2 -- resources/ou.rb | 2 +- 5 files changed, 18 insertions(+), 36 deletions(-) diff --git a/resources/computer.rb b/resources/computer.rb index c020df4e..882418a7 100644 --- a/resources/computer.rb +++ b/resources/computer.rb @@ -18,14 +18,17 @@ property :cmd_user, String property :cmd_pass, String property :cmd_domain, String -property :restart, [TrueClass, FalseClass], required: true - -require 'mixlib/shellout' action :create do if exists? Chef::Log.debug('The object already exists') else + powershell_script "create ADComputer #{name}" do + code "New-ADComputer -Name #{new_resource.name}" << -EOH + powershell code + EOH + end + cmd = 'dsadd' cmd << ' computer ' cmd << '"' @@ -97,19 +100,14 @@ action_class do def computer_exists? - comp = Mixlib::ShellOut.new('powershell.exe -command \"get-wmiobject -class win32_computersystem -computername . | select domain\"').run_command + comp = shell_out('powershell.exe -command \"get-wmiobject -class win32_computersystem -computername . | select domain\"') stdout = comp.stdout.downcase Chef::Log.debug("computer_exists? is #{stdout.downcase}") stdout.include?(new_resource.domain_name.downcase) end def exists? - # Supports workstation and server platforms, Windows Server 2008 R2 and Windows 7 share the same version number, Win7 doesnot include netdom command without RSAT. - if node['os_version'] == '6.1.7600' - Chef::Log.warn('Unable to determine specific OS version. Windows 7 does not have the native tools to query if the domain exists. Assuming domain exists.') - return true - end - check = Mixlib::ShellOut.new("netdom query /domain:#{new_resource.domain_name} /userD:#{new_resource.domain_user} /passwordd:#{new_resource.domain_pass} dc").run_command + check = shell_out("netdom query /domain:#{new_resource.domain_name} /userD:#{new_resource.domain_user} /passwordd:#{new_resource.domain_pass} dc") Chef::Log.debug("netdom query /domain:#{new_resource.domain_name} /userD:#{new_resource.domain_user} /passwordd:#{new_resource.domain_pass} dc") Chef::Log.debug("check.stdout.include is #{check.stdout}") check.stdout.include? 'The command completed successfully.' diff --git a/resources/contact.rb b/resources/contact.rb index ec031e71..3d1478cd 100644 --- a/resources/contact.rb +++ b/resources/contact.rb @@ -17,8 +17,6 @@ property :cmd_pass, String property :cmd_domain, String -require 'mixlib/shellout' - action :create do if exists? Chef::Log.debug('The object already exists') diff --git a/resources/domain.rb b/resources/domain.rb index 1c722bb1..b6c2a513 100644 --- a/resources/domain.rb +++ b/resources/domain.rb @@ -12,16 +12,14 @@ property :domain_user, String, required: true property :domain_pass, String, required: true -property :restart, [TrueClass, FalseClass], required: true +property :restart, [true, false], required: true property :type, String, default: 'forest' property :safe_mode_pass, String, required: true property :options, Hash, default: {} property :local_pass, String property :replica_type, String, default: 'domain' -require 'mixlib/shellout' - -ENUM_NAMES = %w[(Win2003) (Win2008) (Win2008R2) (Win2012) (Win2012R2) (Default)].freeze +ENUM_NAMES = %w[(Win2012) (Win2012R2) (2016) (2019) (Default)].freeze action :create do if exists? @@ -32,17 +30,8 @@ cmd << " -SafeModeAdministratorPassword (convertto-securestring '#{new_resource.safe_mode_pass}' -asplaintext -Force)" cmd << ' -Force:$true' cmd << ' -NoRebootOnCompletion' unless new_resource.restart - elsif - cmd = 'dcpromo -unattend' - cmd << " -newDomain:#{new_resource.type}" - cmd << " -NewDomainDNSName:#{new_resource.name}" - cmd << if !new_resource.restart - ' -RebootOnCompletion:No' - else - ' -RebootOnCompletion:Yes' - end - cmd << " -SafeModeAdminPassword:(convertto-securestring '#{new_resource.safe_mode_pass}' -asplaintext -Force)" - cmd << " -ReplicaOrNewDomain:#{new_resource.replica_type}" + elsif Chef::Log.warn('This version of Windows Server is no longer supported + as the platform is EOL.') end Chef::Log.debug("cmd is #{cmd}") cmd << format_options(new_resource.options) @@ -56,9 +45,8 @@ action :delete do if Chef::Version.new(['os_version']) <= Chef::Version.new('6.1') - Chef::Log.warn('This version of Windows Server is currently unsupported - beyond installing the required roles and features. Help us - out by submitting a pull request.') + Chef::Log.warn('This version of Windows Server is no longer supported + as the platform is EOL.') end if exists? cmd = 'Uninstall-ADDSDomainController' @@ -77,18 +65,18 @@ action_class do def exists? ldap_path = new_resource.name.split('.').map! { |k| "dc=#{k}" }.join(',') - check = Mixlib::ShellOut.new("powershell.exe -command [adsi]::Exists('LDAP://#{ldap_path}')").run_command + check = shell_out("powershell.exe -command [adsi]::Exists('LDAP://#{ldap_path}')") check.stdout.match('True') end def computer_exists? - comp = Mixlib::ShellOut.new('powershell.exe -command "get-wmiobject -class win32_computersystem -computername . | select domain"').run_command + comp = shell_out('powershell.exe -command "get-wmiobject -class win32_computersystem -computername . | select domain"') stdout = comp.stdout.downcase stdout.include?(new_resource.name.downcase) end def last_dc? - dsquery = Mixlib::ShellOut.new('dsquery server -forest').run_command + dsquery = shell_out('dsquery server -forest') dsquery.stdout.split("\n").size == 1 end diff --git a/resources/group.rb b/resources/group.rb index c325248e..28ba6163 100644 --- a/resources/group.rb +++ b/resources/group.rb @@ -17,8 +17,6 @@ property :cmd_pass, String property :cmd_domain, String -require 'mixlib/shellout' - action :create do if exists? Chef::Log.debug('The object already exists') diff --git a/resources/ou.rb b/resources/ou.rb index 54766296..38d3de21 100644 --- a/resources/ou.rb +++ b/resources/ou.rb @@ -17,7 +17,7 @@ property :cmd_pass, String property :cmd_domain, String -action :create do # ~FC017 +action :create do require 'chef/win32/version' win_ver = Chef::ReservedNames::Win32::Version.new if win_ver.windows_server_2008? || win_ver.windows_server_2008_r2? From bd4e97a00e70e3260ee393152e35f2b2756b332c Mon Sep 17 00:00:00 2001 From: Derek Groh Date: Thu, 4 Mar 2021 12:01:57 -0600 Subject: [PATCH 02/73] server 2008 removal --- README.md | 66 +------------------ recipes/default.rb | 42 +++++------- .../windows_ad_test/recipes/setup_forest.rb | 9 +-- 3 files changed, 18 insertions(+), 99 deletions(-) diff --git a/README.md b/README.md index ca5bfaec..e170cfc7 100644 --- a/README.md +++ b/README.md @@ -51,7 +51,6 @@ The windows_ad::default recipe installs the required roles and features to suppo * cmd_user: user under which the interaction with AD should happen * cmd_pass: password for user specified in cmd_user (only needed if user requires password) * cmd_domain: domain of the user specified in cmd_user (only needed if user is a domain account) -* restart: allows preventing reboot after join or unjoin action. Default true to reboot. **Required** #### Examples @@ -140,7 +139,7 @@ The windows_ad::default recipe installs the required roles and features to suppo * name: name property. Name of the forest/domain to operate against. * type: type of install. Valid values: forest, domain, read-only. -* safe_mode_pass: safe mode administrative password. +* safe_mode_pass: safe mode administrative password. **Note**: [Password must meet complexity requirements](https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/password-must-meet-complexity-requirements) * domain_user: User account to join the domain or to create a domain controller. **Required**: for `:create` except on `type` `forest` on windows 2012 and above. * domain_pass: User password to join the domain or to create a domain controller. **Required**: for `:create` except on `type` `forest` on windows 2012 and above. * local_pass: Local Administrator Password for removing domain controller. @@ -175,27 +174,6 @@ The windows_ad::default recipe installs the required roles and features to suppo domain_user "Administrator" end - # Create Contoso.com forest with DNS, Win2008 R2 Operational Mode Windows Server 2008 R2 - windows_ad_domain "contoso.local" do - action :create - type "forest" - safe_mode_pass "Passw0rd" - options ({ "domainlevel" => "4", - "forestlevel" => "4", - "InstallDNS" => "yes" - }) - end - - # Create Contoso.com forest with DNS, Win2008 Operational Mode Windows Server 2012 - windows_ad_domain "contoso.local" do - action :create - type "forest" - safe_mode_pass "Passw0rd" - options ({ "ForestMode" => "Win2008", - "InstallDNS" => nil - }) - end - # Remove Domain Controller windows_ad_domain "contoso.local" do action :delete @@ -297,8 +275,6 @@ The windows_ad::default recipe installs the required roles and features to suppo ### `ou` -Note: Chef 12 Custom Resource WIP. -ou provider will call `ou_2008` or `ou_2012` based on OS version. Warning: Data bags can be used, however OU names must be unique (restriction of data bags) #### Actions @@ -344,46 +320,6 @@ Warning: Data bags can be used, however OU names must be unique (restriction of end ``` -### 'ou_2008' - -#### Actions - -* :create: Adds organizational units to Active Directory. -WIP: -* :modify: Modifies an organizational unit. -* :move: Rename an organizational unit object without moving it in the directory tree, or move an object from its current location in the directory to a new location within a single domain controller. -* :delete: Remove an organizational unit object from Active Directory. - -#### Property Parameters - -* name: name property. Name of the Organization Unit object. -* domain_name: FQDN -* ou: Organization Unit path where object is to be located. -* options: ability to pass additional options http://technet.microsoft.com/en-us/library/cc770883.aspx -* cmd_user: user under which the interaction with AD should happen -* cmd_pass: password for user specified in cmd_user (only needed if user requires password) -* cmd_domain: domain of the user specified in cmd_user (only needed if user is a domain account) - -### 'ou_2012' - -#### Actions - -* :create: Adds organizational units to Active Directory. -WIP: -* :modify: Modifies an organizational unit. -* :move: Rename an organizational unit object without moving it in the directory tree, or move an object from its current location in the directory to a new location within a single domain controller. -* :delete: Remove an organizational unit object from Active Directory. - -#### Property Parameters - -* name: name property. Name of the Organization Unit object. -* domain_name: FQDN -* path: Organization Unit path where object is to be located. -* options: ability to pass additional options http://technet.microsoft.com/en-us/library/cc770883.aspx -* cmd_user: user under which the interaction with AD should happen -* cmd_pass: password for user specified in cmd_user (only needed if user requires password) -* cmd_domain: domain of the user specified in cmd_user (only needed if user is a domain account) - ### `users` #### Actions diff --git a/recipes/default.rb b/recipes/default.rb index 12594847..d3f7e7a8 100644 --- a/recipes/default.rb +++ b/recipes/default.rb @@ -24,32 +24,20 @@ # OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION # WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. # -if Chef::Version.new(node['os_version']) >= Chef::Version.new('6.2') - %w( - Microsoft-Windows-GroupPolicy-ServerAdminTools-Update - ServerManager-Core-RSAT - ServerManager-Core-RSAT-Role-Tools - RSAT-AD-Tools-Feature - RSAT-ADDS-Tools-Feature - ActiveDirectory-Powershell - DirectoryServices-DomainController-Tools - DirectoryServices-AdministrativeCenter - DirectoryServices-DomainController - ).each do |feature| - windows_feature feature do - action :install - all true - end + +%w( + Microsoft-Windows-GroupPolicy-ServerAdminTools-Update + ServerManager-Core-RSAT + ServerManager-Core-RSAT-Role-Tools + RSAT-AD-Tools-Feature + RSAT-ADDS-Tools-Feature + ActiveDirectory-Powershell + DirectoryServices-DomainController-Tools + DirectoryServices-AdministrativeCenter + DirectoryServices-DomainController +).each do |feature| + windows_feature feature do + action :install + all true end -else - %w( - NetFx3 - Microsoft-Windows-GroupPolicy-ServerAdminTools-Update - DirectoryServices-DomainController - ).each do |feature| - windows_feature feature do - action :install - end - end - Chef::Log.warn('This version of Windows Server may be missing some resouce support. Help us out by submitting a pull request.') end diff --git a/test/cookbooks/windows_ad_test/recipes/setup_forest.rb b/test/cookbooks/windows_ad_test/recipes/setup_forest.rb index cf5be678..a708548e 100644 --- a/test/cookbooks/windows_ad_test/recipes/setup_forest.rb +++ b/test/cookbooks/windows_ad_test/recipes/setup_forest.rb @@ -8,15 +8,10 @@ safe_mode_pass 'Passw0rd' domain_pass 'vagrant' domain_user 'Administrator' - case node['os_version'] - when '6.1' - options('InstallDNS': 'yes') - when '6.2' - options('InstallDNS': nil) - end + options('InstallDNS': nil) action :create restart false - notifies :reboot_now, 'reboot[now]', :immediate + notifies :reboot_now, 'reboot[now]', :immediately end reboot 'now' do From 3832a1971a86ab68e9856ebc453750d4c074bfce Mon Sep 17 00:00:00 2001 From: Derek Groh Date: Thu, 4 Mar 2021 12:04:36 -0600 Subject: [PATCH 03/73] switch to gitflows --- .appveyor.yml | 48 ------------------ .github/workflows/ci.yml | 93 ++++++++++++++++++++++++++++++++++ .github/workflows/md-links.yml | 19 +++++++ .kitchen.appveyor.yml | 69 ------------------------- kitchen.exec.yml | 14 +++++ kitchen.yml | 9 ++-- 6 files changed, 131 insertions(+), 121 deletions(-) delete mode 100644 .appveyor.yml create mode 100644 .github/workflows/ci.yml create mode 100644 .github/workflows/md-links.yml delete mode 100644 .kitchen.appveyor.yml create mode 100644 kitchen.exec.yml diff --git a/.appveyor.yml b/.appveyor.yml deleted file mode 100644 index 042b5c4b..00000000 --- a/.appveyor.yml +++ /dev/null @@ -1,48 +0,0 @@ -version: "build-{build}" - -os: Windows Server 2012 R2 -platform: - - x64 - -environment: - machine_user: vagrant - machine_pass: vagrant - machine_port: 5985 - KITCHEN_YAML: .kitchen.appveyor.yml - -branches: - only: - - master - -# Do not build on tags (GitHub only) -skip_tags: true - -#faster cloning -clone_depth: 1 - -# Install the latest nightly of ChefDK -install: - - ps: (& cmd /c); iex (irm https://omnitruck.chef.io/install.ps1); Install-Project -Project chefdk -channel current - - ps: 'Get-CimInstance win32_operatingsystem -Property Caption, OSArchitecture, Version | fl Caption, OSArchitecture, Version' - - ps: $PSVersionTable - - ps: $env:CHEF_LICENSE="accept" - - c:\opscode\chefdk\bin\chef.bat exec ruby --version - - ps: secedit /export /cfg $env:temp/export.cfg - - ps: ((get-content $env:temp/export.cfg) -replace ('PasswordComplexity = 1', 'PasswordComplexity = 0')) | Out-File $env:temp/export.cfg - - ps: ((get-content $env:temp/export.cfg) -replace ('MinimumPasswordLength = 8', 'MinimumPasswordLength = 0')) | Out-File $env:temp/export.cfg - - ps: secedit /configure /db $env:windir/security/new.sdb /cfg $env:temp/export.cfg /areas SECURITYPOLICY - - ps: net user /add $env:machine_user $env:machine_pass - - ps: net localgroup administrators $env:machine_user /add - -build_script: - - ps: c:\opscode\chefdk\bin\chef.bat shell-init powershell | iex; cmd /c c:\opscode\chefdk\bin\chef.bat --version - -test_script: - - c:\opscode\chefdk\bin\cookstyle --version - - c:\opscode\chefdk\bin\chef.bat exec foodcritic --version - - c:\opscode\chefdk\bin\chef.bat exec delivery local lint - - c:\opscode\chefdk\bin\chef.bat exec delivery local syntax -# - c:\opscode\chefdk\bin\chef.bat exec kitchen converge -# - c:\opscode\chefdk\bin\chef.bat exec kitchen verify - -deploy: off diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml new file mode 100644 index 00000000..e8dddc68 --- /dev/null +++ b/.github/workflows/ci.yml @@ -0,0 +1,93 @@ +--- +name: ci + +"on": + pull_request: + push: + branches: + - master + +jobs: + delivery: + runs-on: ubuntu-latest + steps: + - name: Check out code + uses: actions/checkout@master + - name: Run Chef Delivery + uses: actionshub/chef-delivery@main + env: + CHEF_LICENSE: accept-no-persist + + yamllint: + runs-on: ubuntu-latest + steps: + - name: Check out code + uses: actions/checkout@master + - name: Run yaml Lint + uses: actionshub/yamllint@main + + mdl: + runs-on: ubuntu-latest + steps: + - name: Check out code + uses: actions/checkout@master + - name: Run Markdown Lint + uses: actionshub/markdownlint@main + windows-2016: + needs: [mdl, yamllint, delivery] + runs-on: windows-2016 + strategy: + matrix: + os: + - 'windows-2016' + suite: + - 'default' + - 'forest' + fail-fast: false + + steps: + - name: Check out code + uses: actions/checkout@master + - name: Install Chef + uses: actionshub/chef-install@master + - name: test-kitchen + uses: actionshub/test-kitchen@master + env: + CHEF_LICENSE: accept-no-persist + KITCHEN_LOCAL_YAML: kitchen.exec.yml + with: + suite: ${{ matrix.suite }} + os: ${{ matrix.os }} + + windows-2019: + needs: [mdl, yamllint, delivery] + runs-on: windows-2019 + strategy: + matrix: + os: + - 'windows-2019' + suite: + - 'default' + - 'forest' + fail-fast: false + + steps: + - name: Check out code + uses: actions/checkout@master + - name: Install Chef + uses: actionshub/chef-install@master + - name: Kitchen Exec + uses: actionshub/test-kitchen@master + env: + CHEF_LICENSE: accept-no-persist + KITCHEN_LOCAL_YAML: kitchen.exec.yml + with: + suite: ${{ matrix.suite }} + os: ${{ matrix.os }} + + final: + needs: [windows-2016, windows-2019] + runs-on: ubuntu-latest + steps: + - name: Check out code + uses: actions/checkout@master diff --git a/.github/workflows/md-links.yml b/.github/workflows/md-links.yml new file mode 100644 index 00000000..150e75c6 --- /dev/null +++ b/.github/workflows/md-links.yml @@ -0,0 +1,19 @@ +--- +name: md-links + +"on": + pull_request: + push: + branches: [master] + +jobs: + md-links: + runs-on: ubuntu-latest + steps: + - name: Check out code + uses: actions/checkout@master + - name: markdown-link-check + uses: gaurav-nelson/github-action-markdown-link-check@v1 + with: + use-verbose-mode: "yes" + folder-path: "documentation" diff --git a/.kitchen.appveyor.yml b/.kitchen.appveyor.yml deleted file mode 100644 index df422c19..00000000 --- a/.kitchen.appveyor.yml +++ /dev/null @@ -1,69 +0,0 @@ ---- -driver: - name: proxy - host: localhost - reset_command: "exit 0" - port: 5985 - username: <%= ENV["machine_user"] %> - password: <%= ENV["machine_pass"] %> - -provisioner: - name: chef_zero - client_rb: - chef_license: accept - retry_on_exit_code: - - 0 - - 1 # Exit, success: You still must reboot, this just notes that the automatic restart flag was removed - - 2 # Exit, success, need to reboot - - 3 # Exit, success, with a non-critical failure: Typically seen when returning the DNS Delegation warning. - - 4 # Exit, success, with a non-critical failure, need to reboot: Typically seen when returning the DNS Delegation warning. - - 35 # 35 is the exit code signaling that the node is rebooting - - 1190 #1190 is the exit code signaling that a reboot is scheduled - wait_for_retry: 600 # May need to increase depending on computing resources. - max_retries: 1 - -verifier: - name: inspec - -transport: - connection_retry_sleep: 300 # Prevent Winrm from failing out when DC is created. - winrm_transport: plaintext # When set to plaintext the winrm will run in one converge - -platforms: - - name: windows-2012r2 - driver: - box: tas50/windows_2012r2 - customize: - memory: 2048 - - name: windows-2016 - driver: - box: tas50/windows_2016 - customize: - memory: 2048 - - name: windows-2019 - driver: - box: tas50/windows_2016 - customize: - memory: 2048 - -suites: - - name: default - run_list: - - recipe[windows_ad::default] - verifier: - inspec_tests: - - test/integration/default - attributes: - -# - name: objects -# run_list: -# - recipe[windows_ad_test::setup_forest] -# - recipe[windows_ad_test::ou] -# - recipe[windows_ad_test::group] -# - recipe[windows_ad_test::user] -# verifier: -# inspec_tests: -# - test/integration/default -# - test/integration/forest -# - test/integration/objects -# attributes: \ No newline at end of file diff --git a/kitchen.exec.yml b/kitchen.exec.yml new file mode 100644 index 00000000..12449bf6 --- /dev/null +++ b/kitchen.exec.yml @@ -0,0 +1,14 @@ +--- +driver: + name: exec + +transport: + name: exec + +provisioner: + name: chef_zero + deprecations_as_errors: true + +platforms: + - name: windows-2016 + - name: windows-2019 diff --git a/kitchen.yml b/kitchen.yml index c8509e62..65295956 100644 --- a/kitchen.yml +++ b/kitchen.yml @@ -3,7 +3,7 @@ driver: name: vagrant customize: cpus: 2 - memory: 4096 + memory: 4096 provisioner: name: chef_zero @@ -11,6 +11,7 @@ provisioner: chef_license: accept-no-persist product_name: chef product_version: <%= ENV['CHEF_VERSION'] || 'latest' %> + # log_level: debug install_strategy: once retry_on_exit_code: - 0 @@ -27,11 +28,11 @@ verifier: name: inspec transport: - connection_retry_sleep: 120 # Prevent Winrm from failing out when DC is created. + connection_retry_sleep: 120 # Prevent Winrm from failing out when DC is created. winrm_transport: plaintext # When set to plaintext the winrm will run in one converge platforms: - - name: windows-2012-r2 + - name: windows-2012r2 driver: box: tas50/windows_2012r2 customize: @@ -75,4 +76,4 @@ suites: - test/integration/default - test/integration/forest - test/integration/objects - attributes: \ No newline at end of file + attributes: From 7a791536760ce2e123a6f7ec2b9e6931bd71e968 Mon Sep 17 00:00:00 2001 From: Derek Groh Date: Thu, 4 Mar 2021 12:08:52 -0600 Subject: [PATCH 04/73] mdlinks add documentation folder --- documentation/.gitkeep | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 documentation/.gitkeep diff --git a/documentation/.gitkeep b/documentation/.gitkeep new file mode 100644 index 00000000..e69de29b From 225edcfb018d58be8062fc7f92134adffd03fc3e Mon Sep 17 00:00:00 2001 From: Derek Groh Date: Thu, 4 Mar 2021 12:10:27 -0600 Subject: [PATCH 05/73] remove 2008 spec --- spec/unit/recipes/default_spec.rb | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/spec/unit/recipes/default_spec.rb b/spec/unit/recipes/default_spec.rb index bdf18641..ff8e90af 100644 --- a/spec/unit/recipes/default_spec.rb +++ b/spec/unit/recipes/default_spec.rb @@ -22,17 +22,6 @@ expect { chef_run }.to_not raise_error end end - context 'when all attributes are default, on a server 2008 platform' do - let(:chef_run) { ChefSpec::ServerRunner.new(platform: 'windows', version: '2008').converge(described_recipe) } - - it 'installs a windows_feature `NetFx3`' do - expect(chef_run).to install_windows_feature('NetFx3') - end - - it 'converges successfully' do - expect { chef_run }.to_not raise_error - end - end context 'when all attributes are default, on a server 2012 platform' do let(:chef_run) { ChefSpec::ServerRunner.new(platform: 'windows', version: '2012').converge(described_recipe) } From ff1c611d5d7fb9e8207196e769d509bbb3c066f0 Mon Sep 17 00:00:00 2001 From: Derek Groh Date: Thu, 4 Mar 2021 13:49:50 -0600 Subject: [PATCH 06/73] yamllint --- .github/workflows/ci.yml | 2 +- .github/workflows/delivery.yml | 13 +++++++------ kitchen.yml | 12 +++++++----- 3 files changed, 15 insertions(+), 12 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index e8dddc68..e223c778 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -12,7 +12,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Check out code - uses: actions/checkout@master + uses: actions/checkout@main - name: Run Chef Delivery uses: actionshub/chef-delivery@main env: diff --git a/.github/workflows/delivery.yml b/.github/workflows/delivery.yml index 4b5c4676..5b86f8d6 100644 --- a/.github/workflows/delivery.yml +++ b/.github/workflows/delivery.yml @@ -1,3 +1,4 @@ +--- name: delivery on: [push, pull_request] @@ -8,9 +9,9 @@ jobs: runs-on: ubuntu-latest steps: - - name: Check out code - uses: actions/checkout@master - - name: Run Chef Delivery - uses: actionshub/chef-delivery@master - env: - CHEF_LICENSE: accept-no-persist \ No newline at end of file + - name: Check out code + uses: actions/checkout@master + - name: Run Chef Delivery + uses: actionshub/chef-delivery@master + env: + CHEF_LICENSE: accept-no-persist diff --git a/kitchen.yml b/kitchen.yml index 65295956..10368eab 100644 --- a/kitchen.yml +++ b/kitchen.yml @@ -15,10 +15,10 @@ provisioner: install_strategy: once retry_on_exit_code: - 0 - - 1 # Exit, success: You still must reboot, this just notes that the automatic restart flag was removed + - 1 # Exit, success: You still must reboot - 2 # Exit, success, need to reboot - - 3 # Exit, success, with a non-critical failure: Typically seen when returning the DNS Delegation warning. - - 4 # Exit, success, with a non-critical failure, need to reboot: Typically seen when returning the DNS Delegation warning. + - 3 # Exit, success, with a non-critical failure + - 4 # Exit, success, with a non-critical failure, need to reboot - 35 # 35 is the exit code signaling that the node is rebooting - 1190 #1190 is the exit code signaling that a reboot is scheduled wait_for_retry: 200 # May need to increase depending on computing resources. @@ -28,8 +28,10 @@ verifier: name: inspec transport: - connection_retry_sleep: 120 # Prevent Winrm from failing out when DC is created. - winrm_transport: plaintext # When set to plaintext the winrm will run in one converge + # Prevent Winrm from failing out when DC is created. + connection_retry_sleep: 120 + # When set to plaintext the winrm will run in one converge + winrm_transport: plaintext platforms: - name: windows-2012r2 From a387e41d03df9b650bcb05b524a47cf5c9d8f0c3 Mon Sep 17 00:00:00 2001 From: Derek Groh Date: Thu, 4 Mar 2021 14:12:08 -0600 Subject: [PATCH 07/73] update root files --- .editorconfig | 19 ++++++++++++++ .gitattributes | 1 + .mdlrc | 1 + .overcommit.yml | 20 +++++++++++++++ .rubocop.yml | 14 ----------- .rubocop_todo.yml | 63 ----------------------------------------------- .yamllint | 7 ++++++ 7 files changed, 48 insertions(+), 77 deletions(-) create mode 100644 .editorconfig create mode 100644 .gitattributes create mode 100644 .mdlrc create mode 100644 .overcommit.yml delete mode 100644 .rubocop.yml delete mode 100644 .rubocop_todo.yml create mode 100644 .yamllint diff --git a/.editorconfig b/.editorconfig new file mode 100644 index 00000000..cc21b046 --- /dev/null +++ b/.editorconfig @@ -0,0 +1,19 @@ +# https://EditorConfig.org + +# top-most EditorConfig file +root=true + +# Unix-style newlines with a newline ending every file +[*] +end_of_line = lf +insert_final_newline = true + +# 2 space indentation +indent_style = space +indent_size = 2 + +# Avoid issues parsing cookbook files later +charset = utf-8 + +# Avoid cookstyle warnings +trim_trailing_whitespace = true diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 00000000..6313b56c --- /dev/null +++ b/.gitattributes @@ -0,0 +1 @@ +* text=auto eol=lf diff --git a/.mdlrc b/.mdlrc new file mode 100644 index 00000000..105f5907 --- /dev/null +++ b/.mdlrc @@ -0,0 +1 @@ +rules "~MD013", "~MD024", "~MD025", "~MD033" diff --git a/.overcommit.yml b/.overcommit.yml new file mode 100644 index 00000000..1d27ed8d --- /dev/null +++ b/.overcommit.yml @@ -0,0 +1,20 @@ +--- +PreCommit: + TrailingWhitespace: + enabled: true + YamlLint: + enabled: true + Rspec: + enabled: true + required_executable: 'rspec' + Cookstyle: + enabled: true + required_executable: 'cookstyle' + command: ["cookstyle"] + Delivery: + enabled: true + required_executable: 'delivery' + flags: ['local', 'all'] +CommitMsg: + HardTabs: + enabled: true diff --git a/.rubocop.yml b/.rubocop.yml deleted file mode 100644 index 049d7715..00000000 --- a/.rubocop.yml +++ /dev/null @@ -1,14 +0,0 @@ -inherit_from: .rubocop_todo.yml - -Metrics/BlockNesting: - Max: 4 - -Metrics/LineLength: - Max: 180 - -Layout/EndOfLine: - EnforcedStyle: lf - -Style/IfInsideElse: - Exclude: - - 'resources/domain.rb' diff --git a/.rubocop_todo.yml b/.rubocop_todo.yml deleted file mode 100644 index 39904517..00000000 --- a/.rubocop_todo.yml +++ /dev/null @@ -1,63 +0,0 @@ -# This configuration was generated by -# `rubocop --auto-gen-config` -# on 2019-11-04 10:57:41 -0600 using RuboCop version 0.72.0. -# The point is for the user to remove these configuration records -# one by one as the offenses are removed from the code base. -# Note that changes in the inspected code, or installation of new -# versions of RuboCop, may require this file to be generated again. - -# Offense count: 1 -Layout/ConditionPosition: - Exclude: - - 'resources/domain.rb' - -# Offense count: 1 -# Configuration parameters: AllowSafeAssignment. -Lint/AssignmentInCondition: - Exclude: - - 'resources/domain.rb' - -# Offense count: 12 -Metrics/AbcSize: - Max: 30 - -# Offense count: 6 -# Configuration parameters: CountComments, ExcludedMethods. -# ExcludedMethods: refine -Metrics/BlockLength: - Max: 102 - -# Offense count: 1 -Metrics/CyclomaticComplexity: - Max: 11 - -# Offense count: 8 -# Configuration parameters: CountComments, ExcludedMethods. -Metrics/MethodLength: - Max: 28 - -# Offense count: 2 -Metrics/PerceivedComplexity: - Max: 9 - -# Offense count: 3 -# Configuration parameters: MinNameLength, AllowNamesEndingInNumbers, AllowedNames, ForbiddenNames. -# AllowedNames: io, id, to, by, on, in, at, ip, db -Naming/MethodParameterName: - Exclude: - - 'libraries/cmd_helper.rb' - -# Offense count: 34 -# Cop supports --auto-correct. -# Configuration parameters: EnforcedStyle. -# SupportedStyles: always, never -Style/FrozenStringLiteralComment: - Enabled: false - -# Offense count: 3 -# Cop supports --auto-correct. -Style/IfUnlessModifier: - Exclude: - - 'libraries/cmd_helper.rb' - - 'resources/ou.rb' - - 'resources/ou_2008.rb' diff --git a/.yamllint b/.yamllint new file mode 100644 index 00000000..2d696128 --- /dev/null +++ b/.yamllint @@ -0,0 +1,7 @@ +--- +extends: default +rules: + line-length: + max: 256 + level: warning + document-start: disable From 34cb9d3fbe0e6c2a57695808ae2588dd668d875b Mon Sep 17 00:00:00 2001 From: Derek Groh Date: Thu, 4 Mar 2021 14:13:56 -0600 Subject: [PATCH 08/73] remove duplicate action --- .github/workflows/delivery.yml | 17 ----------------- .github/workflows/md-links.yml | 19 ------------------- 2 files changed, 36 deletions(-) delete mode 100644 .github/workflows/delivery.yml delete mode 100644 .github/workflows/md-links.yml diff --git a/.github/workflows/delivery.yml b/.github/workflows/delivery.yml deleted file mode 100644 index 5b86f8d6..00000000 --- a/.github/workflows/delivery.yml +++ /dev/null @@ -1,17 +0,0 @@ ---- -name: delivery - -on: [push, pull_request] - -jobs: - delivery: - - runs-on: ubuntu-latest - - steps: - - name: Check out code - uses: actions/checkout@master - - name: Run Chef Delivery - uses: actionshub/chef-delivery@master - env: - CHEF_LICENSE: accept-no-persist diff --git a/.github/workflows/md-links.yml b/.github/workflows/md-links.yml deleted file mode 100644 index 150e75c6..00000000 --- a/.github/workflows/md-links.yml +++ /dev/null @@ -1,19 +0,0 @@ ---- -name: md-links - -"on": - pull_request: - push: - branches: [master] - -jobs: - md-links: - runs-on: ubuntu-latest - steps: - - name: Check out code - uses: actions/checkout@master - - name: markdown-link-check - uses: gaurav-nelson/github-action-markdown-link-check@v1 - with: - use-verbose-mode: "yes" - folder-path: "documentation" From 96e36de1345653ea73240ebfea0fca8847affbfb Mon Sep 17 00:00:00 2001 From: Derek Groh Date: Thu, 4 Mar 2021 14:29:46 -0600 Subject: [PATCH 09/73] markdown lint --- .mdlrc | 2 +- CHANGELOG.md | 37 +++-- README.md | 388 +++++++++++++++++++++++++-------------------------- TESTING.md | 36 +---- 4 files changed, 213 insertions(+), 250 deletions(-) diff --git a/.mdlrc b/.mdlrc index 105f5907..bfef9b20 100644 --- a/.mdlrc +++ b/.mdlrc @@ -1 +1 @@ -rules "~MD013", "~MD024", "~MD025", "~MD033" +rules "~MD013", "~MD024", "~MD025", "~MD029", "~MD033" diff --git a/CHANGELOG.md b/CHANGELOG.md index ef68cd90..c4d86742 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -24,7 +24,7 @@ ## 0.6.3 -* Issue 121 - https://github.com/TAMUArch/cookbook.windows_ad/issues/121 allow use of spaces in Distinguished Name. +* Issue 121 - allow use of spaces in Distinguished Name. ## 0.6.2 @@ -44,16 +44,16 @@ ## 0.5.4 -* Issue 100 - https://github.com/TAMUArch/cookbook.windows_ad/issues/100 initial support for Windows 2016. +* Issue 100 - initial support for Windows 2016. * Quality changes - chefignore, default recipe uses float to compare os_version. ## 0.5.3 -* Issue 87 - https://github.com/TAMUArch/cookbook.windows_ad/issues/87 revert Robocop edits on providers +* Issue 87 - revert Robocop edits on providers ## 0.5.2 -* Issue 85 - https://github.com/TAMUArch/cookbook.windows_ad/issues/85 revert Robocop edits on dsquery +* Issue 85 - revert Robocop edits on dsquery ## 0.5.1 @@ -61,16 +61,16 @@ ## 0.5.0 -* Join and unjoin actions from domain provider moved to computer provider - https://github.com/TAMUArch/cookbook.windows_ad/pull/77 -* Correct user action to address dsmod error - https://github.com/TAMUArch/cookbook.windows_ad/issues/71 +* Join and unjoin actions from domain provider moved to computer provider - +* Correct user action to address dsmod error - * Fixed bug in join ou that always reported that the resource was updated -* Gitter badger added - https://github.com/TAMUArch/cookbook.windows_ad/pull/66 -* Proper formattign for pre-win2012 systems - https://github.com/TAMUArch/cookbook.windows_ad/pull/70 and https://github.com/TAMUArch/cookbook.windows_ad/pull/74 +* Gitter badger added - +* Proper formattign for pre-win2012 systems - and ## 0.4.5 -* Rubocop and foodcritic - https://github.com/TAMUArch/cookbook.windows_ad/issues/2 -* Add success return codes for installing DC. - https://github.com/TAMUArch/cookbook.windows_ad/issues/1 +* Rubocop and foodcritic - +* Add success return codes for installing DC. - ## 0.4.4 @@ -103,7 +103,7 @@ ## 0.3.7 * Mark attributes as required for :domain resource -* Fixed regression on install forest with unnecessary credentials +* Fixed regression on install forest with unnecessary credentials ## 0.3.6 @@ -117,27 +117,22 @@ * Formatting changes - remove tabs -## 0.3.2: +## 0.3.2 * Logic change to ensure server 2012 is still works correctly -## 0.3.0: +## 0.3.0 * Support for Windows Server 2008 R2 for domain provider -## 0.2.1: +## 0.2.1 * Community contributions - nested ou support -## 0.2.0: +## 0.2.0 * AD Object Support -## 0.1.0: +## 0.1.0 * Initial release of active-directory - - - - - diff --git a/README.md b/README.md index e170cfc7..31723539 100644 --- a/README.md +++ b/README.md @@ -47,39 +47,39 @@ The windows_ad::default recipe installs the required roles and features to suppo * domain_pass: domain password * domain_user: domain user * ou: Organization Unit path where object is to be located. -* options: ability to pass additional options http://technet.microsoft.com/en-us/library/cc754539.aspx +* options: ability to pass additional options * cmd_user: user under which the interaction with AD should happen * cmd_pass: password for user specified in cmd_user (only needed if user requires password) * cmd_domain: domain of the user specified in cmd_user (only needed if user is a domain account) #### Examples - ```rb - # Create computer "workstation1" in the Computers OU - windows_ad_computer "workstation1" do - action :create - domain_name "contoso.local" - ou "computers" - end - - # Create computer "workstation1" in the Computers OU with description of "Computer" - windows_ad_computer "workstation1" do - action :create - domain_name "contoso.local" - ou "computers" - options ({ "desc" => "computer" }) - end - - # Create computer "workstation1" in the Computers OU using domain admin account - windows_ad_computer "workstation1" do - action :create - domain_name "contoso.local" - ou "computers" - cmd_user "Administrator" - cmd_pass "password" - cmd_domain "contoso.local" - end - ``` + ```rb + # Create computer "workstation1" in the Computers OU + windows_ad_computer "workstation1" do + action :create + domain_name "contoso.local" + ou "computers" + end + + # Create computer "workstation1" in the Computers OU with description of "Computer" + windows_ad_computer "workstation1" do + action :create + domain_name "contoso.local" + ou "computers" + options ({ "desc" => "computer" }) + end + + # Create computer "workstation1" in the Computers OU using domain admin account + windows_ad_computer "workstation1" do + action :create + domain_name "contoso.local" + ou "computers" + cmd_user "Administrator" + cmd_pass "password" + cmd_domain "contoso.local" + end + ``` ### `contact` @@ -95,38 +95,38 @@ The windows_ad::default recipe installs the required roles and features to suppo * name: name property. Name of the contact object. * domain_name: FQDN * ou: Organization Unit path where object is to be located. -* options: ability to pass additional options http://technet.microsoft.com/en-us/library/cc771883.aspx +* options: ability to pass additional options * cmd_user: user under which the interaction with AD should happen * cmd_pass: password for user specified in cmd_user (only needed if user requires password) * cmd_domain: domain of the user specified in cmd_user (only needed if user is a domain account) #### Examples - ```rb - # Create contact "Bob Smith" in the Users OU with firstname "Bob" and lastname "Smith" - windows_ad_contact "Bob Smith" do - action :create - domain_name "contoso.local" - ou "users" - options ({ "fn" => "Bob", - "ln" => "Smith" - }) - end - - # Create contact "Bob Smith" in the Users OU with firstname "Bob" and lastname "Smith" - # using domain admin account - windows_ad_contact "Bob Smith" do - action :create - domain_name "contoso.local" - ou "users" - options ({ "fn" => "Bob", - "ln" => "Smith" - }) - cmd_user "Administrator" - cmd_pass "password" - cmd_domain "contoso.local" - end - ``` + ```rb + # Create contact "Bob Smith" in the Users OU with firstname "Bob" and lastname "Smith" + windows_ad_contact "Bob Smith" do + action :create + domain_name "contoso.local" + ou "users" + options ({ "fn" => "Bob", + "ln" => "Smith" + }) + end + + # Create contact "Bob Smith" in the Users OU with firstname "Bob" and lastname "Smith" + # using domain admin account + windows_ad_contact "Bob Smith" do + action :create + domain_name "contoso.local" + ou "users" + options ({ "fn" => "Bob", + "ln" => "Smith" + }) + cmd_user "Administrator" + cmd_pass "password" + cmd_domain "contoso.local" + end + ``` ### `domain` @@ -145,41 +145,41 @@ The windows_ad::default recipe installs the required roles and features to suppo * local_pass: Local Administrator Password for removing domain controller. * replica_type: For Windows Server 2008, specifies installing new or additional domain controller. Valid values: domain, replica. * restart: when creating domain, will prevent Windows from automatically restarting. If not specified, defaults to true (which queues the restart). Valid values: true, false. -* options: additional options as needed by AD DS Deployment http://technet.microsoft.com/en-us/library/cc732887.aspx for Windows Server 2008 and http://technet.microsoft.com/en-us/library/hh974719.aspx for Windows Server 2012. Single parameters use nil for key value, see example below. +* options: additional options as needed by AD DS Deployment for Windows Server 2008 and for Windows Server 2012. Single parameters use nil for key value, see example below. #### Examples - ```rb - # Create Contoso.com forest - windows_ad_domain "contoso.local" do - action :create - type "forest" - safe_mode_pass "Passw0rd" - end - - # Create Contoso.com forest and don't restart Windows - windows_ad_domain "contoso.local" do - action :create - type "forest" - safe_mode_pass "Passw0rd" - restart false - end - - # Create Contoso.com replica - windows_ad_domain "contoso.local" do - action :create - type "replica" - safe_mode_pass "Passw0rd" - domain_pass "Passw0rd" - domain_user "Administrator" - end - - # Remove Domain Controller - windows_ad_domain "contoso.local" do - action :delete - local_pass "Passw0rd" - end - ``` + ```rb + # Create Contoso.com forest + windows_ad_domain "contoso.local" do + action :create + type "forest" + safe_mode_pass "Passw0rd" + end + + # Create Contoso.com forest and don't restart Windows + windows_ad_domain "contoso.local" do + action :create + type "forest" + safe_mode_pass "Passw0rd" + restart false + end + + # Create Contoso.com replica + windows_ad_domain "contoso.local" do + action :create + type "replica" + safe_mode_pass "Passw0rd" + domain_pass "Passw0rd" + domain_user "Administrator" + end + + # Remove Domain Controller + windows_ad_domain "contoso.local" do + action :delete + local_pass "Passw0rd" + end + ``` ### `group` @@ -195,40 +195,40 @@ The windows_ad::default recipe installs the required roles and features to suppo * name: name property. Name of the group object. * domain_name: FQDN * ou: Organization Unit path where object is to be located. -* options: ability to pass additional options http://technet.microsoft.com/en-us/library/cc754037.aspx +* options: ability to pass additional options * cmd_user: user under which the interaction with AD should happen * cmd_pass: password for user specified in cmd_user (only needed if user requires password) * cmd_domain: domain of the user specified in cmd_user (only needed if user is a domain account) #### Examples - ```rb - # Create group "IT" in the Users OU - windows_ad_group "IT" do - action :create - domain_name "contoso.local" - ou "users" - end - - # Create group "IT" in the Users OU with Description "Information Technology Security Group" - windows_ad_group "IT" do - action :create - domain_name "contoso.local" - ou "users" - options ({ "desc" => "Information Technology Security Group" - }) - end - - # Create group "IT" in the Users OU using domain admin account - windows_ad_group "IT" do - action :create - domain_name "contoso.local" - ou "users" - cmd_user "Administrator" - cmd_pass "password" - cmd_domain "contoso.local" - end - ``` + ```rb + # Create group "IT" in the Users OU + windows_ad_group "IT" do + action :create + domain_name "contoso.local" + ou "users" + end + + # Create group "IT" in the Users OU with Description "Information Technology Security Group" + windows_ad_group "IT" do + action :create + domain_name "contoso.local" + ou "users" + options ({ "desc" => "Information Technology Security Group" + }) + end + + # Create group "IT" in the Users OU using domain admin account + windows_ad_group "IT" do + action :create + domain_name "contoso.local" + ou "users" + cmd_user "Administrator" + cmd_pass "password" + cmd_domain "contoso.local" + end + ``` ### `group_member` @@ -250,28 +250,28 @@ The windows_ad::default recipe installs the required roles and features to suppo #### Examples - ```rb - # Add user "Joe Smith" in the Users OU to group "Admins" in OU "AD/Groups" - windows_ad_group_member 'Joe Smith' do - action :add - group_name 'Admins' - domain_name 'contoso.local' - user_ou 'users' - group_ou 'AD/Groups' - end - - # Add user "Joe Smith" in the Users OU to group "Admins" in OU "AD/Groups" using domain admin account - windows_ad_group_member 'Joe Smith' do - action :add - group_name 'Admins' - domain_name 'contoso.local' - user_ou 'users' - group_ou 'AD/Groups' - cmd_user "Administrator" - cmd_pass "password" - cmd_domain "contoso.local" - end - ``` + ```rb + # Add user "Joe Smith" in the Users OU to group "Admins" in OU "AD/Groups" + windows_ad_group_member 'Joe Smith' do + action :add + group_name 'Admins' + domain_name 'contoso.local' + user_ou 'users' + group_ou 'AD/Groups' + end + + # Add user "Joe Smith" in the Users OU to group "Admins" in OU "AD/Groups" using domain admin account + windows_ad_group_member 'Joe Smith' do + action :add + group_name 'Admins' + domain_name 'contoso.local' + user_ou 'users' + group_ou 'AD/Groups' + cmd_user "Administrator" + cmd_pass "password" + cmd_domain "contoso.local" + end + ``` ### `ou` @@ -289,36 +289,36 @@ Warning: Data bags can be used, however OU names must be unique (restriction of * name: name property. Name of the Organization Unit object. * domain_name: FQDN * ou: Organization Unit path where object is to be located. -* options: ability to pass additional options http://technet.microsoft.com/en-us/library/cc770883.aspx +* options: ability to pass additional options * cmd_user: user under which the interaction with AD should happen * cmd_pass: password for user specified in cmd_user (only needed if user requires password) * cmd_domain: domain of the user specified in cmd_user (only needed if user is a domain account) #### Examples - ```rb - # Create Organizational Unit "Departments" in the root - windows_ad_ou "Departments" do - action :create - domain_name "contoso.local" - end - - # Create Organizational Unit "IT" in the "Department" OUroot - windows_ad_ou "IT" do - action :create - domain_name "contoso.local" - ou "Departments" - end - - # Create Organizational Unit "Departments" in the root using domain admin account - windows_ad_ou "Departments" do - action :create - domain_name "contoso.local" - cmd_user "Administrator" - cmd_pass "password" - cmd_domain "contoso.local" - end - ``` + ```rb + # Create Organizational Unit "Departments" in the root + windows_ad_ou "Departments" do + action :create + domain_name "contoso.local" + end + + # Create Organizational Unit "IT" in the "Department" OUroot + windows_ad_ou "IT" do + action :create + domain_name "contoso.local" + ou "Departments" + end + + # Create Organizational Unit "Departments" in the root using domain admin account + windows_ad_ou "Departments" do + action :create + domain_name "contoso.local" + cmd_user "Administrator" + cmd_pass "password" + cmd_domain "contoso.local" + end + ``` ### `users` @@ -334,7 +334,7 @@ Warning: Data bags can be used, however OU names must be unique (restriction of * name: name property. Name of the user object. * domain_name: FQDN * ou: Organization Unit path where object is located. -* options: ability to pass additional options http://technet.microsoft.com/en-us/library/cc731279.aspx +* options: ability to pass additional options * reverse: allows the reversing of "First Name Last Name" to "Last Name, First Name" * cmd_user: user under which the interaction with AD should happen * cmd_pass: password for user specified in cmd_user (only needed if user requires password) @@ -342,40 +342,40 @@ Warning: Data bags can be used, however OU names must be unique (restriction of #### Examples - ```rb - # Create user "Joe Smith" in the Users OU - windows_ad_user "Joe Smith" do - action :create - domain_name "contoso.local" - ou "users" - options ({ "samid" => "JSmith", - "upn" => "JSmith@contoso.local", - "fn" => "Joe", - "ln" => "Smith", - "display" => "Smith, Joe", - "disabled" => "no", - "pwd" => "Passw0rd" - }) - end - - # Create user "Joe Smith" in the Users OU using domain admin account - windows_ad_user "Joe Smith" do - action :create - domain_name "contoso.local" - ou "users" - options ({ "samid" => "JSmith", - "upn" => "JSmith@contoso.local", - "fn" => "Joe", - "ln" => "Smith", - "display" => "Smith, Joe", - "disabled" => "no", - "pwd" => "Passw0rd" - }) - cmd_user "Administrator" - cmd_pass "password" - cmd_domain "contoso.local" - end - ``` + ```rb + # Create user "Joe Smith" in the Users OU + windows_ad_user "Joe Smith" do + action :create + domain_name "contoso.local" + ou "users" + options ({ "samid" => "JSmith", + "upn" => "JSmith@contoso.local", + "fn" => "Joe", + "ln" => "Smith", + "display" => "Smith, Joe", + "disabled" => "no", + "pwd" => "Passw0rd" + }) + end + + # Create user "Joe Smith" in the Users OU using domain admin account + windows_ad_user "Joe Smith" do + action :create + domain_name "contoso.local" + ou "users" + options ({ "samid" => "JSmith", + "upn" => "JSmith@contoso.local", + "fn" => "Joe", + "ln" => "Smith", + "display" => "Smith, Joe", + "disabled" => "no", + "pwd" => "Passw0rd" + }) + cmd_user "Administrator" + cmd_pass "password" + cmd_domain "contoso.local" + end + ``` ## Contributing diff --git a/TESTING.md b/TESTING.md index ab5a1164..920e381f 100644 --- a/TESTING.md +++ b/TESTING.md @@ -1,35 +1,3 @@ -# TESTING # +# Testing -The [ChefDK](https://docs.chef.io/about_chefdk.html) contains all the tools required to test and develop for this cookbook. A `project.toml` file is provided so that all testing commands can be run using the `delivery local` cli that comes with ChefDK. - -### Style Testing ### -Run `delivery local lint` to run cookstyle and `delivery local syntax` to run foodcritic. - -### Spec Testing ### -Run `delivery local unit` to run [ChefSpec](https://github.com/chefspec/chefspec) tests. - -### Combined Style + Spec Testing ### -All cookstyle, foodcritic and Chefspec tests can be run in a single command using `delivery local verify` - -### Integration Testing ### -Integration testing with [Test Kitchen](https://docs.chef.io/kitchen.html) can also be done using the delivery cli. To execute all stages of testing with test kitchen you can run either `delivery local acceptance` or `kitchen test` - -Test Kitchen is configured to use vagrant by default and uses [inspec](https://www.inspec.io/) to verify. - -## Private Images - -Some operating systems have specific licenses that prevent us from making those images available freely. We either comment these the .kitchen.yml or create a separate .kitchen.vmware.yml file for Chef internal use. - -Images include: - -- Windows Server 2008 -- Windows Server 2012 -- Windows Server 2016 -- Windows Server 2019 -- Windows 7 Professional -- Windows 8.1 Professional -- Mac OS X 10.7-10.12 -- SLES 12 / 12SP1 -- Solaris 10.11 - -Windows Images: https://atlas.hashicorp.com/boxes/search?order=desc&page=1&provider=virtualbox&q=windows&sort=updated&utf8=%E2%9C%93 \ No newline at end of file +Please refer to [the community cookbook documentation on testing](https://github.com/chef-cookbooks/community_cookbook_documentation/blob/master/TESTING.MD). From 58903ee58cb549be133ec97bbe15b8007e6c5d97 Mon Sep 17 00:00:00 2001 From: Derek Groh Date: Thu, 4 Mar 2021 14:41:46 -0600 Subject: [PATCH 10/73] refactor deprication logic --- resources/domain.rb | 41 +++++++++++++++++++++-------------------- 1 file changed, 21 insertions(+), 20 deletions(-) diff --git a/resources/domain.rb b/resources/domain.rb index b6c2a513..7f9f35a9 100644 --- a/resources/domain.rb +++ b/resources/domain.rb @@ -23,23 +23,26 @@ action :create do if exists? + Chef::Log.debug('The object already exists') else - if Chef::Version.new(node['os_version']) >= Chef::Version.new('6.2') - cmd = create_command - cmd << " -DomainName #{new_resource.name}" - cmd << " -SafeModeAdministratorPassword (convertto-securestring '#{new_resource.safe_mode_pass}' -asplaintext -Force)" - cmd << ' -Force:$true' - cmd << ' -NoRebootOnCompletion' unless new_resource.restart - elsif Chef::Log.warn('This version of Windows Server is no longer supported - as the platform is EOL.') - end - Chef::Log.debug("cmd is #{cmd}") - cmd << format_options(new_resource.options) + cmd = create_command + cmd << " -DomainName #{new_resource.name}" + cmd << " -SafeModeAdministratorPassword (convertto-securestring '#{new_resource.safe_mode_pass}' -asplaintext -Force)" + cmd << ' -Force:$true' + cmd << ' -NoRebootOnCompletion' unless new_resource.restart + end - powershell_script "create_domain_#{new_resource.name}" do - code cmd - returns [0, 1, 2, 3, 4] - end + if Chef::Version.new(node['os_version']) < Chef::Version.new('6.2') + Chef::Log.warn('This version of Windows Server is no longer supported as the platform is EOL.') + end + + Chef::Log.debug("cmd is #{cmd}") + + cmd << format_options(new_resource.options) + + powershell_script "create_domain_#{new_resource.name}" do + code cmd + returns [0, 1, 2, 3, 4] end end @@ -121,12 +124,10 @@ def format_options(options) else " -#{option}:#{value}" end + elsif Chef::Version.new(node['os_version']) >= Chef::Version.new('6.2') + " -#{option} '#{value}'" else - if Chef::Version.new(node['os_version']) >= Chef::Version.new('6.2') - " -#{option} '#{value}'" - else - " -#{option}:'#{value}'" - end + " -#{option}:'#{value}'" end end end From f73f6afba0909d1bf9a2fb10f19aa6a527ef2d90 Mon Sep 17 00:00:00 2001 From: Derek Groh Date: Thu, 4 Mar 2021 15:07:36 -0600 Subject: [PATCH 11/73] gitactions reboot testing --- .github/workflows/ci.yml | 5 +++-- kitchen.exec.yml | 14 ++++++++++++++ 2 files changed, 17 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index e223c778..8796eb7f 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -33,6 +33,7 @@ jobs: uses: actions/checkout@master - name: Run Markdown Lint uses: actionshub/markdownlint@main + windows-2016: needs: [mdl, yamllint, delivery] runs-on: windows-2016 @@ -49,7 +50,7 @@ jobs: - name: Check out code uses: actions/checkout@master - name: Install Chef - uses: actionshub/chef-install@master + uses: actionshub/chef-install@main - name: test-kitchen uses: actionshub/test-kitchen@master env: @@ -75,7 +76,7 @@ jobs: - name: Check out code uses: actions/checkout@master - name: Install Chef - uses: actionshub/chef-install@master + uses: actionshub/chef-install@main - name: Kitchen Exec uses: actionshub/test-kitchen@master env: diff --git a/kitchen.exec.yml b/kitchen.exec.yml index 12449bf6..ee3b2078 100644 --- a/kitchen.exec.yml +++ b/kitchen.exec.yml @@ -4,10 +4,24 @@ driver: transport: name: exec + # Prevent Winrm from failing out when DC is created. + connection_retry_sleep: 120 + # When set to plaintext the winrm will run in one converge + winrm_transport: plaintext provisioner: name: chef_zero deprecations_as_errors: true + retry_on_exit_code: + - 0 + - 1 # Exit, success: You still must reboot + - 2 # Exit, success, need to reboot + - 3 # Exit, success, with a non-critical failure + - 4 # Exit, success, with a non-critical failure, need to reboot + - 35 # 35 is the exit code signaling that the node is rebooting + - 1190 #1190 is the exit code signaling that a reboot is scheduled + wait_for_retry: 200 # May need to increase depending on computing resources. + max_retries: 2 platforms: - name: windows-2016 From cb6aeefeb7fdf8b643cb5ee4d1d88c0a833cf7d4 Mon Sep 17 00:00:00 2001 From: Derek Groh Date: Fri, 5 Mar 2021 14:41:34 -0600 Subject: [PATCH 12/73] fix resource logic --- resources/domain.rb | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/resources/domain.rb b/resources/domain.rb index 7f9f35a9..edfabc82 100644 --- a/resources/domain.rb +++ b/resources/domain.rb @@ -30,19 +30,19 @@ cmd << " -SafeModeAdministratorPassword (convertto-securestring '#{new_resource.safe_mode_pass}' -asplaintext -Force)" cmd << ' -Force:$true' cmd << ' -NoRebootOnCompletion' unless new_resource.restart - end - if Chef::Version.new(node['os_version']) < Chef::Version.new('6.2') - Chef::Log.warn('This version of Windows Server is no longer supported as the platform is EOL.') - end + Chef::Log.debug("cmd is #{cmd}") - Chef::Log.debug("cmd is #{cmd}") + cmd << format_options(new_resource.options) - cmd << format_options(new_resource.options) + powershell_script "create_domain_#{new_resource.name}" do + code cmd + returns [0, 1, 2, 3, 4] + end + end - powershell_script "create_domain_#{new_resource.name}" do - code cmd - returns [0, 1, 2, 3, 4] + if Chef::Version.new(node['os_version']) < Chef::Version.new('6.2') + Chef::Log.warn('This version of Windows Server is no longer supported as the platform is EOL.') end end From c4c70a4453b6cc239ee885b45d44e7ec0a875239 Mon Sep 17 00:00:00 2001 From: Derek Groh Date: Fri, 5 Mar 2021 15:04:35 -0600 Subject: [PATCH 13/73] test differences in branch --- .github/workflows/ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 8796eb7f..df231fc1 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -50,7 +50,7 @@ jobs: - name: Check out code uses: actions/checkout@master - name: Install Chef - uses: actionshub/chef-install@main + uses: actionshub/chef-install@master - name: test-kitchen uses: actionshub/test-kitchen@master env: @@ -76,7 +76,7 @@ jobs: - name: Check out code uses: actions/checkout@master - name: Install Chef - uses: actionshub/chef-install@main + uses: actionshub/chef-install@master - name: Kitchen Exec uses: actionshub/test-kitchen@master env: From f829403905232b6c080e87751145fb1ae78552c7 Mon Sep 17 00:00:00 2001 From: Derek Groh Date: Mon, 8 Mar 2021 09:45:39 -0600 Subject: [PATCH 14/73] increase timeout to find success case --- kitchen.exec.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/kitchen.exec.yml b/kitchen.exec.yml index ee3b2078..d40de6f9 100644 --- a/kitchen.exec.yml +++ b/kitchen.exec.yml @@ -20,8 +20,8 @@ provisioner: - 4 # Exit, success, with a non-critical failure, need to reboot - 35 # 35 is the exit code signaling that the node is rebooting - 1190 #1190 is the exit code signaling that a reboot is scheduled - wait_for_retry: 200 # May need to increase depending on computing resources. - max_retries: 2 + wait_for_retry: 300 # May need to increase depending on computing resources. + max_retries: 3 platforms: - name: windows-2016 From 051362a81f827d709bfd79d29cefe7ba6c059f5f Mon Sep 17 00:00:00 2001 From: Julien Lebot Date: Wed, 30 Jun 2021 11:47:19 +0200 Subject: [PATCH 15/73] Add child domain support --- resources/domain.rb | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/resources/domain.rb b/resources/domain.rb index 1c722bb1..8dbfcea1 100644 --- a/resources/domain.rb +++ b/resources/domain.rb @@ -12,6 +12,7 @@ property :domain_user, String, required: true property :domain_pass, String, required: true +property :parent_domain_name, String property :restart, [TrueClass, FalseClass], required: true property :type, String, default: 'forest' property :safe_mode_pass, String, required: true @@ -104,6 +105,10 @@ def create_command cmd << 'Install-ADDSForest' when 'domain' cmd << 'Install-ADDSDomain -Credential $mycreds' + if parent_domain_name && !parent_domain_name.empty? + cmd << ' -DomainType ChildDomain' + cmd << " -ParentDomainName '#{new_resource.parent_domain_name}'" + end when 'replica' cmd << 'Install-ADDSDomainController -Credential $mycreds' when 'read-only' From 5a6c2c03657856f1d1b32ee1f03ed5f1090ef388 Mon Sep 17 00:00:00 2001 From: Derek Groh Date: Wed, 30 Jun 2021 11:31:06 -0500 Subject: [PATCH 16/73] sync with sous-chefs --- .delivery/project.toml | 10 +++- .envrc | 1 + .github/workflows/ci.yml | 35 ++++++------- .github/workflows/md-links.yml | 19 +++++++ .gitignore | 20 ++++---- .mdlrc | 2 +- .rubocop.yml | 2 + .vscode/extensions.json | 7 +++ .yamllint | 6 +++ Berksfile | 4 -- Dangerfile | 47 +++++++++++++++++ chefignore | 92 +++++++++++++++++++++------------- 12 files changed, 175 insertions(+), 70 deletions(-) create mode 100644 .envrc create mode 100644 .github/workflows/md-links.yml create mode 100644 .rubocop.yml create mode 100644 .vscode/extensions.json create mode 100644 Dangerfile diff --git a/.delivery/project.toml b/.delivery/project.toml index 6d5e3617..0d6f0ae9 100644 --- a/.delivery/project.toml +++ b/.delivery/project.toml @@ -1 +1,9 @@ -remote_file = "https://raw.githubusercontent.com/chef-cookbooks/community_cookbook_tools/master/delivery/project.toml" +[local_phases] +unit = "rspec spec/" +lint = 'cookstyle --display-cop-names --extra-details' +syntax = "echo skipping" +provision = "echo skipping" +deploy = "echo skipping" +smoke = "echo skipping" +functional = "echo skipping" +cleanup = "echo skipping" diff --git a/.envrc b/.envrc new file mode 100644 index 00000000..6ed589ea --- /dev/null +++ b/.envrc @@ -0,0 +1 @@ +use chefworkstation diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index df231fc1..d4d35c00 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -12,7 +12,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Check out code - uses: actions/checkout@main + uses: actions/checkout@v2 - name: Run Chef Delivery uses: actionshub/chef-delivery@main env: @@ -22,7 +22,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Check out code - uses: actions/checkout@master + uses: actions/checkout@v2 - name: Run yaml Lint uses: actionshub/yamllint@main @@ -30,11 +30,11 @@ jobs: runs-on: ubuntu-latest steps: - name: Check out code - uses: actions/checkout@master + uses: actions/checkout@v2 - name: Run Markdown Lint uses: actionshub/markdownlint@main - windows-2016: + integration-windows-2016: needs: [mdl, yamllint, delivery] runs-on: windows-2016 strategy: @@ -48,11 +48,13 @@ jobs: steps: - name: Check out code - uses: actions/checkout@master + uses: actions/checkout@v2 - name: Install Chef - uses: actionshub/chef-install@master - - name: test-kitchen - uses: actionshub/test-kitchen@master + uses: actionshub/chef-install@main + env: + ACTIONS_ALLOW_UNSECURE_COMMANDS: 'true' + - name: Kitchen Exec + uses: actionshub/test-kitchen@main env: CHEF_LICENSE: accept-no-persist KITCHEN_LOCAL_YAML: kitchen.exec.yml @@ -60,7 +62,7 @@ jobs: suite: ${{ matrix.suite }} os: ${{ matrix.os }} - windows-2019: + integration-windows-2019: needs: [mdl, yamllint, delivery] runs-on: windows-2019 strategy: @@ -74,21 +76,16 @@ jobs: steps: - name: Check out code - uses: actions/checkout@master + uses: actions/checkout@v2 - name: Install Chef - uses: actionshub/chef-install@master + uses: actionshub/chef-install@main + env: + ACTIONS_ALLOW_UNSECURE_COMMANDS: 'true' - name: Kitchen Exec - uses: actionshub/test-kitchen@master + uses: actionshub/test-kitchen@main env: CHEF_LICENSE: accept-no-persist KITCHEN_LOCAL_YAML: kitchen.exec.yml with: suite: ${{ matrix.suite }} os: ${{ matrix.os }} - - final: - needs: [windows-2016, windows-2019] - runs-on: ubuntu-latest - steps: - - name: Check out code - uses: actions/checkout@master diff --git a/.github/workflows/md-links.yml b/.github/workflows/md-links.yml new file mode 100644 index 00000000..ba887a16 --- /dev/null +++ b/.github/workflows/md-links.yml @@ -0,0 +1,19 @@ +--- +name: md-links + +"on": + pull_request: + push: + branches: [main] + +jobs: + md-links: + runs-on: ubuntu-latest + steps: + - name: Check out code + uses: actions/checkout@v2 + - name: markdown-link-check + uses: gaurav-nelson/github-action-markdown-link-check@v1 + with: + use-verbose-mode: "yes" + folder-path: "documentation" diff --git a/.gitignore b/.gitignore index 8f93e577..be3b9a8b 100644 --- a/.gitignore +++ b/.gitignore @@ -1,11 +1,7 @@ *.rbc .config -coverage InstalledFiles -lib/bundler/man pkg -rdoc -spec/reports test/tmp test/version_tmp tmp @@ -14,27 +10,32 @@ _Store *# .#* \#*# -.*.sw[a-z] *.un~ *.tmp *.bk *.bkup -# ruby/bundler files +# editor files +.idea +.*.sw[a-z] + +# ruby/bundler/rspec files .ruby-version .ruby-gemset .rvmrc Gemfile.lock .bundle *.gem +coverage +spec/reports -# YARD artifacts +# YARD / rdoc artifacts .yardoc _yardoc doc/ -.idea +rdoc -# chef stuff +# chef infra stuff Berksfile.lock .kitchen kitchen.local.yml @@ -46,4 +47,3 @@ Policyfile.lock.json # vagrant stuff .vagrant/ .vagrant.d/ -.kitchen/ diff --git a/.mdlrc b/.mdlrc index bfef9b20..105f5907 100644 --- a/.mdlrc +++ b/.mdlrc @@ -1 +1 @@ -rules "~MD013", "~MD024", "~MD025", "~MD029", "~MD033" +rules "~MD013", "~MD024", "~MD025", "~MD033" diff --git a/.rubocop.yml b/.rubocop.yml new file mode 100644 index 00000000..3bcfae7f --- /dev/null +++ b/.rubocop.yml @@ -0,0 +1,2 @@ +Lint/ParenthesesAsGroupedExpression: + Enabled: false diff --git a/.vscode/extensions.json b/.vscode/extensions.json new file mode 100644 index 00000000..cd777250 --- /dev/null +++ b/.vscode/extensions.json @@ -0,0 +1,7 @@ +{ + "recommendations": [ + "chef-software.chef", + "rebornix.ruby", + "editorconfig.editorconfig" + ] +} diff --git a/.yamllint b/.yamllint index 2d696128..1b5cea09 100644 --- a/.yamllint +++ b/.yamllint @@ -5,3 +5,9 @@ rules: max: 256 level: warning document-start: disable + braces: + forbid: false + min-spaces-inside: 0 + max-spaces-inside: 1 + min-spaces-inside-empty: -1 + max-spaces-inside-empty: -1 diff --git a/Berksfile b/Berksfile index 7c1be4be..d1363567 100644 --- a/Berksfile +++ b/Berksfile @@ -2,10 +2,6 @@ source 'https://supermarket.chef.io' metadata -group :deps do - cookbook 'windows' -end - group :integration do cookbook 'windows_ad_test', path: 'test/cookbooks/windows_ad_test' diff --git a/Dangerfile b/Dangerfile new file mode 100644 index 00000000..84b67873 --- /dev/null +++ b/Dangerfile @@ -0,0 +1,47 @@ +Reference: http://danger.systems/reference.html + +# A pull request summary is required. Add a description of the pull request purpose. +# Changelog must be updated for each pull request that changes code. +# Warnings will be issued for: +# Pull request with more than 400 lines of code changed +# Pull reqest that change more than 5 lines without test changes +# Failures will be issued for: +# Pull request without summary +# Pull requests with code changes without changelog entry + +def code_changes? + code = %w(libraries attributes recipes resources files templates) + code.each do |location| + return true unless git.modified_files.grep(/#{location}/).empty? + end + false +end + +def test_changes? + tests = %w(spec test kitchen.yml kitchen.dokken.yml) + tests.each do |location| + return true unless git.modified_files.grep(/#{location}/).empty? + end + false +end + +failure 'Please provide a summary of your Pull Request.' if github.pr_body.length < 10 + +warn 'This is a big Pull Request.' if git.lines_of_code > 400 + +warn 'This is a Table Flip.' if git.lines_of_code > 2000 + +# Require a CHANGELOG entry for non-test changes. +if !git.modified_files.include?('CHANGELOG.md') && code_changes? + failure 'Please include a CHANGELOG entry.' +end + +# Require Major Minor Patch version labels +unless github.pr_labels.grep /minor|major|patch/i + warn 'Please add a release label to this pull request' +end + +# A sanity check for tests. +if git.lines_of_code > 5 && code_changes? && !test_changes? + warn 'This Pull Request is probably missing tests.' +end diff --git a/chefignore b/chefignore index b2065c33..cc170ea7 100644 --- a/chefignore +++ b/chefignore @@ -1,75 +1,85 @@ # Put files/directories that should be ignored in this file when uploading -# to a chef-server or supermarket. +# to a Chef Infra Server or Supermarket. # Lines that start with '# ' are comments. # OS generated files # ###################### .DS_Store +ehthumbs.db Icon? nohup.out -ehthumbs.db Thumbs.db - -# SASS # -######## -.sass-cache +.envrc # EDITORS # ########### -\#* .#* -*~ -*.sw[a-z] +.project +.settings +*_flymake +*_flymake.* *.bak +*.sw[a-z] +*.tmproj +*~ +\#* REVISION TAGS* tmtags -*_flymake.* -*_flymake -*.tmproj -.project -.settings -mkmf.log +.vscode +.editorconfig ## COMPILED ## ############## -a.out -*.o -*.pyc -*.so -*.com *.class +*.com *.dll *.exe +*.o +*.pyc +*.so */rdoc/ +a.out +mkmf.log # Testing # ########### +.circleci/* +.codeclimate.yml +.delivery/* +.foodcritic +.kitchen* +.mdlrc +.overcommit.yml .rspec -spec/* -spec/fixtures/* -test/* -features/* +.rubocop.yml +.travis.yml +.watchr +.yamllint +azure-pipelines.yml +Dangerfile examples/* +features/* +Guardfile +kitchen.yml* +mlc_config.json Procfile -kitchen* -.kitchen* -.rubocop.yml +Rakefile spec/* -.travis.yml -.foodcritic -appveyor.yml +test/* # SCM # ####### .git -*/.git +.gitattributes +.gitconfig +.github/* .gitignore +.gitkeep .gitmodules -.gitconfig -.gitattributes .svn */.bzr/* +*/.git */.hg/* */.svn/* @@ -80,14 +90,26 @@ Berksfile.lock cookbooks/* tmp +# Bundler # +########### +vendor/* +Gemfile +Gemfile.lock + # Policyfile # ############## Policyfile.rb Policyfile.lock.json -# Cookbooks # +# Documentation # ############# +CODE_OF_CONDUCT* CONTRIBUTING* -CHANGELOG* +documentation/* TESTING* +UPGRADING* +# Vagrant # +########### +.vagrant +Vagrantfile From 7a6ca69452c88ec7875f17f9fa0456bf1b60227a Mon Sep 17 00:00:00 2001 From: Derek Groh Date: Wed, 30 Jun 2021 11:31:25 -0500 Subject: [PATCH 17/73] switch to windows_ad_join --- .../windows_ad_test/recipes/join_domain.rb | 14 ++++---------- .../windows_ad_test/recipes/unjoin_domain.rb | 10 ---------- 2 files changed, 4 insertions(+), 20 deletions(-) delete mode 100644 test/cookbooks/windows_ad_test/recipes/unjoin_domain.rb diff --git a/test/cookbooks/windows_ad_test/recipes/join_domain.rb b/test/cookbooks/windows_ad_test/recipes/join_domain.rb index bacf8ff8..4ea33b1e 100644 --- a/test/cookbooks/windows_ad_test/recipes/join_domain.rb +++ b/test/cookbooks/windows_ad_test/recipes/join_domain.rb @@ -2,20 +2,14 @@ pass = 'Passw0rd' domain = 'contoso.local' -powershell_script 'Set DNS Server' do - case node['os_version'] - when '6.1' - code 'netsh interface ipv4 add dnsserver localhost 192.168.10.10' - when '6.2' - code 'Set-DnsClientServerAddress -InterfaceAlias \"Local Area Connection 2\" -serveraddress 192.168.10.10' - end -end - +# Set a complex password to allow creating a domain/forest execute "net user \"#{user}\" \"#{pass}\"" -windows_ad_computer 'localhost' do +windows_ad_join 'localhost' do action :join domain_name domain domain_user user domain_pass pass + reboot :immediate + reboot_delay 60 end diff --git a/test/cookbooks/windows_ad_test/recipes/unjoin_domain.rb b/test/cookbooks/windows_ad_test/recipes/unjoin_domain.rb deleted file mode 100644 index 1f2a8426..00000000 --- a/test/cookbooks/windows_ad_test/recipes/unjoin_domain.rb +++ /dev/null @@ -1,10 +0,0 @@ -user = 'Administrator' -pass = 'Passw0rd' -domain = 'contoso.local' - -windows_ad_computer 'localhost' do - action :unjoin - domain_name domain - domain_user user - domain_pass pass -end From 6f5f374c065d93d0a2df13cbd27c432cabfd1042 Mon Sep 17 00:00:00 2001 From: Derek Groh Date: Wed, 30 Jun 2021 11:32:34 -0500 Subject: [PATCH 18/73] add develop branch --- .github/workflows/ci.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index d4d35c00..34e07e09 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -6,6 +6,7 @@ name: ci push: branches: - master + - develop jobs: delivery: From 0d826ca7bcc70edd81f7e1447a825f819939e299 Mon Sep 17 00:00:00 2001 From: Derek Groh Date: Wed, 30 Jun 2021 11:41:59 -0500 Subject: [PATCH 19/73] typo --- Dangerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dangerfile b/Dangerfile index 84b67873..bc08b7ae 100644 --- a/Dangerfile +++ b/Dangerfile @@ -1,4 +1,4 @@ -Reference: http://danger.systems/reference.html +# Reference: http://danger.systems/reference.html # A pull request summary is required. Add a description of the pull request purpose. # Changelog must be updated for each pull request that changes code. From b821e15224fe75bac9033cf36fa9e0370bd635ef Mon Sep 17 00:00:00 2001 From: Derek Groh Date: Wed, 30 Jun 2021 11:46:10 -0500 Subject: [PATCH 20/73] create contributing.md --- CONTRIBUTING.md | 4 ++++ README.md | 7 +------ 2 files changed, 5 insertions(+), 6 deletions(-) create mode 100644 CONTRIBUTING.md diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md new file mode 100644 index 00000000..a946aea1 --- /dev/null +++ b/CONTRIBUTING.md @@ -0,0 +1,4 @@ +# Contributing + +Please refer to +[https://github.com/chef-cookbooks/community_cookbook_documentation/blob/master/CONTRIBUTING.MD](https://github.com/chef-cookbooks/community_cookbook_documentation/blob/master/CONTRIBUTING.MD) diff --git a/README.md b/README.md index 31723539..8d54e872 100644 --- a/README.md +++ b/README.md @@ -379,12 +379,7 @@ Warning: Data bags can be used, however OU names must be unique (restriction of ## Contributing -1. Fork the repository on Github -2. Create a named feature branch (like `add_component_x`) -3. Write you change -4. Write tests for your change (if applicable) -5. Run the tests, ensuring they all pass -6. Submit a Pull Request using Github +For more details look at the [CONTRIBUTING.md](./CONTRIBUTING.md). ## License and Authors From ba3899ff6aa7b2acfc8f8a80b87fc8f2c5d9f77d Mon Sep 17 00:00:00 2001 From: Derek Groh Date: Wed, 30 Jun 2021 11:56:18 -0500 Subject: [PATCH 21/73] unified_mode true --- resources/computer.rb | 2 + resources/contact.rb | 2 + resources/domain.rb | 2 + resources/group.rb | 2 + resources/group_member.rb | 2 + resources/ou.rb | 27 +++++------ resources/ou_2008.rb | 95 --------------------------------------- resources/ou_2012.rb | 59 ------------------------ resources/user.rb | 2 + 9 files changed, 24 insertions(+), 169 deletions(-) delete mode 100644 resources/ou_2008.rb delete mode 100644 resources/ou_2012.rb diff --git a/resources/computer.rb b/resources/computer.rb index 882418a7..470eb4d0 100644 --- a/resources/computer.rb +++ b/resources/computer.rb @@ -19,6 +19,8 @@ property :cmd_pass, String property :cmd_domain, String +unified_mode true + action :create do if exists? Chef::Log.debug('The object already exists') diff --git a/resources/contact.rb b/resources/contact.rb index 3d1478cd..46ff2b29 100644 --- a/resources/contact.rb +++ b/resources/contact.rb @@ -17,6 +17,8 @@ property :cmd_pass, String property :cmd_domain, String +unified_mode true + action :create do if exists? Chef::Log.debug('The object already exists') diff --git a/resources/domain.rb b/resources/domain.rb index edfabc82..7416fdfe 100644 --- a/resources/domain.rb +++ b/resources/domain.rb @@ -19,6 +19,8 @@ property :local_pass, String property :replica_type, String, default: 'domain' +unified_mode true + ENUM_NAMES = %w[(Win2012) (Win2012R2) (2016) (2019) (Default)].freeze action :create do diff --git a/resources/group.rb b/resources/group.rb index 28ba6163..3552e485 100644 --- a/resources/group.rb +++ b/resources/group.rb @@ -17,6 +17,8 @@ property :cmd_pass, String property :cmd_domain, String +unified_mode true + action :create do if exists? Chef::Log.debug('The object already exists') diff --git a/resources/group_member.rb b/resources/group_member.rb index 7ee17bb3..eb8d8600 100644 --- a/resources/group_member.rb +++ b/resources/group_member.rb @@ -19,6 +19,8 @@ property :cmd_pass, String property :cmd_domain, String +unified_mode true + action :add do group_dn = CmdHelper.dn(new_resource.group_name, new_resource.group_ou, new_resource.domain_name) user_dn = CmdHelper.dn(new_resource.user_name, new_resource.user_ou, new_resource.domain_name) diff --git a/resources/ou.rb b/resources/ou.rb index 38d3de21..33dccc0e 100644 --- a/resources/ou.rb +++ b/resources/ou.rb @@ -17,23 +17,20 @@ property :cmd_pass, String property :cmd_domain, String +unified_mode true + action :create do - require 'chef/win32/version' - win_ver = Chef::ReservedNames::Win32::Version.new - if win_ver.windows_server_2008? || win_ver.windows_server_2008_r2? - windows_ad_ou_2008 new_resource.name do - action :create - ou new_resource.ou unless new_resource.ou.nil? - domain_name new_resource.domain_name - end - elsif Chef::Version.new(node['os_version']) >= Chef::Version.new('6.2') - windows_ad_ou_2012 new_resource.name do - action :create - path new_resource.ou unless new_resource.ou.nil? - domain_name new_resource.domain_name - end + if exists? + Chef::Log.info('The object already exists') else - Chef::Log.error('This version of Windows is not supported') + cmd = 'New-ADOrganizationalUnit' + cmd << " -Name \"#{new_resource.name}\"" + cmd << " -Path \"#{dn}\"" unless new_resource.path.nil? + + powershell_script "create_ou_2012_#{new_resource.name}" do + code cmd + end + Chef::Log.info('The object has been created') end end diff --git a/resources/ou_2008.rb b/resources/ou_2008.rb deleted file mode 100644 index b589ad5b..00000000 --- a/resources/ou_2008.rb +++ /dev/null @@ -1,95 +0,0 @@ -# -# Author:: Derek Groh () -# Cookbook:: windows_ad -# Resource:: ou_2012 -# -# Copyright:: 2016, Texas A&M - -resource_name :windows_ad_ou_2008 -provides :windows_ad_ou_2008 - -default_action :create - -property :domain_name, String -property :ou, String -property :options, Hash, default: {} -property :cmd_user, String -property :cmd_pass, String -property :cmd_domain, String - -action :create do - if parent? - if exists? - Chef::Log.debug('The object already exists') - else - cmd = 'dsadd' - cmd << ' ou ' - cmd << '"' - cmd << dn - cmd << '"' - - cmd << cmd_options(new_resource.options) - - Chef::Log.info(print_msg("create #{new_resource.name}")) - CmdHelper.shell_out(cmd, new_resource.cmd_user, new_resource.cmd_pass, - new_resource.cmd_domain) - end - else - Chef::Log.error('The parent OU does not exist') - end -end - -def cmd_options(options) - cmd = '' - options.each do |option, value| - cmd << " -#{option} \"#{value}\"" - # [-subtree [-exclude]] [-noprompt] [{-s Server | -d Domain}] [-u UserName] - # [-p {Password | *}][-c][-q][{-uc | -uco | -uci}] - end - cmd -end - -def dn - dn = "ou=#{new_resource.name}," - unless new_resource.ou.nil? - dn << CmdHelper.ou_partial_dn(new_resource.ou) << ',' - end - dn << CmdHelper.dc_partial_dn(new_resource.domain_name) -end - -def parent? - if new_resource.ou.nil? - true - else - ldap = CmdHelper.dc_partial_dn(new_resource.domain_name) - parent_ou_name = CmdHelper.ou_leaf(new_resource.ou) - parent = CmdHelper.shell_out("dsquery ou -name \"#{parent_ou_name}\"", - new_resource.cmd_user, new_resource.cmd_pass, - new_resource.cmd_domain) - path = CmdHelper.ou_partial_dn(new_resource.ou) << ',' - path << ldap - parent.stdout.downcase.include? path.downcase - end -end - -action_class do - def exists? - dc_partial_dn = CmdHelper.dc_partial_dn(new_resource.domain_name) - if new_resource.ou.nil? - ldap = dc_partial_dn - else - ldap = CmdHelper.ou_partial_dn(new_resource.ou) << ',' - ldap << dc_partial_dn - end - check = CmdHelper.shell_out("dsquery ou -name \"#{new_resource.name}\"", - new_resource.cmd_user, new_resource.cmd_pass, - new_resource.cmd_domain) - path = "OU=#{new_resource.name}," - path << ldap - check.stdout.downcase.include? path.downcase - end - - def print_msg(action) - "windows_ad_ou[#{action}]" - end -end diff --git a/resources/ou_2012.rb b/resources/ou_2012.rb deleted file mode 100644 index 87522e14..00000000 --- a/resources/ou_2012.rb +++ /dev/null @@ -1,59 +0,0 @@ -# -# Author:: Derek Groh () -# Cookbook:: windows_ad -# Resource:: ou_2012 -# -# Copyright:: 2016, Texas A&M - -resource_name :windows_ad_ou_2012 -provides :windows_ad_ou_2012 - -default_action :create - -property :path, String -property :domain_name, String -property :options, Hash, default: {} -property :cmd_user, String -property :cmd_pass, String -property :cmd_domain, String - -action :create do - if exists? - Chef::Log.info('The object already exists') - else - cmd = 'New-ADOrganizationalUnit' - cmd << " -Name \"#{new_resource.name}\"" - cmd << " -Path \"#{dn}\"" unless new_resource.path.nil? - - powershell_script "create_ou_2012_#{new_resource.name}" do - code cmd - end - Chef::Log.info('The object has been created') - end -end - -action_class do - def dn - unless new_resource.path.nil? - dn = '' - dn << CmdHelper.ou_partial_dn(new_resource.path) << ',' - end - dn << CmdHelper.dc_partial_dn(new_resource.domain_name) - end - - def exists? - dc_partial_dn = CmdHelper.dc_partial_dn(new_resource.domain_name) - if new_resource.path.nil? - ldap = dc_partial_dn - else - ldap = CmdHelper.ou_partial_dn(new_resource.path) << ',' - ldap << dc_partial_dn - end - path = "OU=#{new_resource.name}," - path = path.gsub('/', '\/') if path.include?('/') - path << ldap - Chef::Log.info("path is #{path}") - check = CmdHelper.shell_out("powershell.exe \"[adsi]::Exists('LDAP://#{path}')\"", new_resource.cmd_user, new_resource.cmd_pass, new_resource.cmd_domain) - check.stdout.downcase.include?('true') - end -end diff --git a/resources/user.rb b/resources/user.rb index 296deddc..a0336f1a 100644 --- a/resources/user.rb +++ b/resources/user.rb @@ -18,6 +18,8 @@ property :cmd_pass, String property :cmd_domain, String +unified_mode true + action :create do if exists? Chef::Log.debug('The object already exists') From 817ed046c8bd9ac50ed761c51b26a987a8e0bca7 Mon Sep 17 00:00:00 2001 From: Derek Groh Date: Wed, 30 Jun 2021 13:30:38 -0500 Subject: [PATCH 22/73] switch to main branch, test tmate --- .github/workflows/ci.yml | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 34e07e09..efc750d8 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -5,9 +5,13 @@ name: ci pull_request: push: branches: - - master - - develop - + - main + workflow_dispatch: + inputs: + debug_enabled: + description: 'Run the build with tmate debugging enabled (https://github.com/marketplace/actions/debugging-with-tmate)' + required: false + default: false jobs: delivery: runs-on: ubuntu-latest @@ -62,6 +66,10 @@ jobs: with: suite: ${{ matrix.suite }} os: ${{ matrix.os }} + # Enable tmate debugging of manually-triggered workflows if the input option was provided + - name: Setup tmate session + uses: mxschmitt/action-tmate@v3 + integration-windows-2019: needs: [mdl, yamllint, delivery] @@ -90,3 +98,6 @@ jobs: with: suite: ${{ matrix.suite }} os: ${{ matrix.os }} + # Enable tmate debugging of manually-triggered workflows if the input option was provided + - name: Setup tmate session + uses: mxschmitt/action-tmate@v3 From 7c73640be17aaa850ef89aeaaa0cd6a8be52594d Mon Sep 17 00:00:00 2001 From: Derek Groh Date: Wed, 30 Jun 2021 14:17:08 -0500 Subject: [PATCH 23/73] remove trailing spaces --- .github/workflows/ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index efc750d8..fb427c4d 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -9,9 +9,10 @@ name: ci workflow_dispatch: inputs: debug_enabled: - description: 'Run the build with tmate debugging enabled (https://github.com/marketplace/actions/debugging-with-tmate)' + description: 'Run the build with tmate debugging enabled (https://github.com/marketplace/actions/debugging-with-tmate)' required: false default: false + jobs: delivery: runs-on: ubuntu-latest @@ -70,7 +71,6 @@ jobs: - name: Setup tmate session uses: mxschmitt/action-tmate@v3 - integration-windows-2019: needs: [mdl, yamllint, delivery] runs-on: windows-2019 From 0cb0bc84dbb7450aba8da7907a6e0512e44c4415 Mon Sep 17 00:00:00 2001 From: Derek Groh Date: Wed, 30 Jun 2021 14:47:53 -0500 Subject: [PATCH 24/73] move tmate before kitchen exec --- .github/workflows/ci.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index fb427c4d..d01194a4 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -59,6 +59,9 @@ jobs: uses: actionshub/chef-install@main env: ACTIONS_ALLOW_UNSECURE_COMMANDS: 'true' + # Enable tmate debugging of manually-triggered workflows if the input option was provided + - name: Setup tmate session + uses: mxschmitt/action-tmate@v3 - name: Kitchen Exec uses: actionshub/test-kitchen@main env: @@ -67,9 +70,6 @@ jobs: with: suite: ${{ matrix.suite }} os: ${{ matrix.os }} - # Enable tmate debugging of manually-triggered workflows if the input option was provided - - name: Setup tmate session - uses: mxschmitt/action-tmate@v3 integration-windows-2019: needs: [mdl, yamllint, delivery] @@ -90,6 +90,9 @@ jobs: uses: actionshub/chef-install@main env: ACTIONS_ALLOW_UNSECURE_COMMANDS: 'true' + # Enable tmate debugging of manually-triggered workflows if the input option was provided + - name: Setup tmate session + uses: mxschmitt/action-tmate@v3 - name: Kitchen Exec uses: actionshub/test-kitchen@main env: @@ -98,6 +101,3 @@ jobs: with: suite: ${{ matrix.suite }} os: ${{ matrix.os }} - # Enable tmate debugging of manually-triggered workflows if the input option was provided - - name: Setup tmate session - uses: mxschmitt/action-tmate@v3 From 4c734de19d95d5fa440785914523aacf203cb13d Mon Sep 17 00:00:00 2001 From: Derek Groh Date: Thu, 1 Jul 2021 15:07:45 -0500 Subject: [PATCH 25/73] wait_for_retry 500 --- kitchen.exec.yml | 4 ++-- kitchen.yml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/kitchen.exec.yml b/kitchen.exec.yml index d40de6f9..13bb121c 100644 --- a/kitchen.exec.yml +++ b/kitchen.exec.yml @@ -20,8 +20,8 @@ provisioner: - 4 # Exit, success, with a non-critical failure, need to reboot - 35 # 35 is the exit code signaling that the node is rebooting - 1190 #1190 is the exit code signaling that a reboot is scheduled - wait_for_retry: 300 # May need to increase depending on computing resources. - max_retries: 3 + wait_for_retry: 500 # May need to increase depending on computing resources. + max_retries: 1 platforms: - name: windows-2016 diff --git a/kitchen.yml b/kitchen.yml index 10368eab..3fc855d9 100644 --- a/kitchen.yml +++ b/kitchen.yml @@ -21,7 +21,7 @@ provisioner: - 4 # Exit, success, with a non-critical failure, need to reboot - 35 # 35 is the exit code signaling that the node is rebooting - 1190 #1190 is the exit code signaling that a reboot is scheduled - wait_for_retry: 200 # May need to increase depending on computing resources. + wait_for_retry: 500 # May need to increase depending on computing resources. max_retries: 1 verifier: From b5f8b1065debff1b9c585be6bda27ff589d2ac24 Mon Sep 17 00:00:00 2001 From: Derek Groh Date: Thu, 1 Jul 2021 15:56:19 -0500 Subject: [PATCH 26/73] disable tmate --- .github/workflows/ci.yml | 6 ------ 1 file changed, 6 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index d01194a4..5339c030 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -59,9 +59,6 @@ jobs: uses: actionshub/chef-install@main env: ACTIONS_ALLOW_UNSECURE_COMMANDS: 'true' - # Enable tmate debugging of manually-triggered workflows if the input option was provided - - name: Setup tmate session - uses: mxschmitt/action-tmate@v3 - name: Kitchen Exec uses: actionshub/test-kitchen@main env: @@ -90,9 +87,6 @@ jobs: uses: actionshub/chef-install@main env: ACTIONS_ALLOW_UNSECURE_COMMANDS: 'true' - # Enable tmate debugging of manually-triggered workflows if the input option was provided - - name: Setup tmate session - uses: mxschmitt/action-tmate@v3 - name: Kitchen Exec uses: actionshub/test-kitchen@main env: From 55968eb3f6a4b87942ca8b3ea5d319ebee29a8d8 Mon Sep 17 00:00:00 2001 From: Derek Groh Date: Thu, 1 Jul 2021 19:06:16 -0500 Subject: [PATCH 27/73] add reboot test --- .github/workflows/ci.yml | 8 ++------ kitchen.yml | 9 ++++++++- test/cookbooks/windows_ad_test/recipes/reboot.rb | 11 +++++++++++ test/integration/reboot/reboot_test.rb | 7 +++++++ 4 files changed, 28 insertions(+), 7 deletions(-) create mode 100644 test/cookbooks/windows_ad_test/recipes/reboot.rb create mode 100644 test/integration/reboot/reboot_test.rb diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 5339c030..9b688963 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -6,12 +6,6 @@ name: ci push: branches: - main - workflow_dispatch: - inputs: - debug_enabled: - description: 'Run the build with tmate debugging enabled (https://github.com/marketplace/actions/debugging-with-tmate)' - required: false - default: false jobs: delivery: @@ -50,6 +44,7 @@ jobs: suite: - 'default' - 'forest' + - 'reboot' fail-fast: false steps: @@ -78,6 +73,7 @@ jobs: suite: - 'default' - 'forest' + - 'reboot' fail-fast: false steps: diff --git a/kitchen.yml b/kitchen.yml index 3fc855d9..e3a1ca9c 100644 --- a/kitchen.yml +++ b/kitchen.yml @@ -10,7 +10,7 @@ provisioner: deprecations_as_errors: true chef_license: accept-no-persist product_name: chef - product_version: <%= ENV['CHEF_VERSION'] || 'latest' %> + product_version: '16' # <%= ENV['CHEF_VERSION'] || 'latest' %> # log_level: debug install_strategy: once retry_on_exit_code: @@ -79,3 +79,10 @@ suites: - test/integration/forest - test/integration/objects attributes: + + - name: reboot + run_list: + - recipe[windows_ad_test::reboot] + verifier: + inspec_tests: + - test/integration/reboot \ No newline at end of file diff --git a/test/cookbooks/windows_ad_test/recipes/reboot.rb b/test/cookbooks/windows_ad_test/recipes/reboot.rb new file mode 100644 index 00000000..d80ebf45 --- /dev/null +++ b/test/cookbooks/windows_ad_test/recipes/reboot.rb @@ -0,0 +1,11 @@ +file 'C:\reboot.txt' do + notifies :reboot_now, 'reboot[now]', :immediately +end + +reboot 'now' do + action :nothing + reason 'Cannot continue Chef run without a reboot.' + delay_mins 1 +end + +file 'C:\rebootsuccess.txt' diff --git a/test/integration/reboot/reboot_test.rb b/test/integration/reboot/reboot_test.rb new file mode 100644 index 00000000..e308ce91 --- /dev/null +++ b/test/integration/reboot/reboot_test.rb @@ -0,0 +1,7 @@ +describe file('c:\reboot.txt') do + it { should exist } +end + +describe file('c:\rebootsuccess.txt') do + it { should exist } +end From f9346bfa70fda3b728918b47d517f299c5fdd3b6 Mon Sep 17 00:00:00 2001 From: Derek Groh Date: Thu, 1 Jul 2021 19:21:35 -0500 Subject: [PATCH 28/73] lint --- kitchen.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/kitchen.yml b/kitchen.yml index e3a1ca9c..516f2dd5 100644 --- a/kitchen.yml +++ b/kitchen.yml @@ -20,7 +20,7 @@ provisioner: - 3 # Exit, success, with a non-critical failure - 4 # Exit, success, with a non-critical failure, need to reboot - 35 # 35 is the exit code signaling that the node is rebooting - - 1190 #1190 is the exit code signaling that a reboot is scheduled + - 1190 # 1190 is the exit code signaling that a reboot is scheduled wait_for_retry: 500 # May need to increase depending on computing resources. max_retries: 1 @@ -85,4 +85,4 @@ suites: - recipe[windows_ad_test::reboot] verifier: inspec_tests: - - test/integration/reboot \ No newline at end of file + - test/integration/reboot From 9aec3fabd59965e4d84bee512dd84cd4ac2edfc1 Mon Sep 17 00:00:00 2001 From: Derek Groh Date: Sun, 4 Jul 2021 18:26:27 -0500 Subject: [PATCH 29/73] remove retry logic from default suite --- kitchen.yml | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/kitchen.yml b/kitchen.yml index 516f2dd5..1c38ac05 100644 --- a/kitchen.yml +++ b/kitchen.yml @@ -21,8 +21,8 @@ provisioner: - 4 # Exit, success, with a non-critical failure, need to reboot - 35 # 35 is the exit code signaling that the node is rebooting - 1190 # 1190 is the exit code signaling that a reboot is scheduled - wait_for_retry: 500 # May need to increase depending on computing resources. - max_retries: 1 + # wait_for_retry: 500 # May need to increase depending on computing resources. + # max_retries: 1 verifier: name: inspec @@ -60,6 +60,9 @@ suites: attributes: - name: forest + provisioner: + wait_for_retry: 500 # May need to increase depending on computing resources. + max_retries: 1 run_list: - recipe[windows_ad_test::setup_forest] verifier: @@ -68,6 +71,9 @@ suites: attributes: - name: objects + provisioner: + wait_for_retry: 500 # May need to increase depending on computing resources. + max_retries: 1 run_list: - recipe[windows_ad_test::setup_forest] - recipe[windows_ad_test::ou] @@ -79,10 +85,3 @@ suites: - test/integration/forest - test/integration/objects attributes: - - - name: reboot - run_list: - - recipe[windows_ad_test::reboot] - verifier: - inspec_tests: - - test/integration/reboot From 42a2f194778230b3008ab4fe9ae9dd4b19d779a0 Mon Sep 17 00:00:00 2001 From: Derek Groh Date: Sun, 4 Jul 2021 18:27:31 -0500 Subject: [PATCH 30/73] add guard for reboot resource --- test/cookbooks/windows_ad_test/recipes/setup_forest.rb | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/test/cookbooks/windows_ad_test/recipes/setup_forest.rb b/test/cookbooks/windows_ad_test/recipes/setup_forest.rb index a708548e..3791e042 100644 --- a/test/cookbooks/windows_ad_test/recipes/setup_forest.rb +++ b/test/cookbooks/windows_ad_test/recipes/setup_forest.rb @@ -17,5 +17,6 @@ reboot 'now' do action :nothing reason 'Cannot continue Chef run without a reboot.' - delay_mins 1 + delay_mins 5 + not_if "powershell.exe -command [adsi]::Exists('LDAP://contoso.local')" end From 15c63a757168cf8b4f5267c21fbf89f29bea2efe Mon Sep 17 00:00:00 2001 From: Derek Groh Date: Sun, 4 Jul 2021 18:27:40 -0500 Subject: [PATCH 31/73] restore ou resource --- resources/ou.rb | 29 ++++++++++++---------- resources/ou_2012.rb | 59 ++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 75 insertions(+), 13 deletions(-) create mode 100644 resources/ou_2012.rb diff --git a/resources/ou.rb b/resources/ou.rb index 33dccc0e..54766296 100644 --- a/resources/ou.rb +++ b/resources/ou.rb @@ -17,20 +17,23 @@ property :cmd_pass, String property :cmd_domain, String -unified_mode true - -action :create do - if exists? - Chef::Log.info('The object already exists') - else - cmd = 'New-ADOrganizationalUnit' - cmd << " -Name \"#{new_resource.name}\"" - cmd << " -Path \"#{dn}\"" unless new_resource.path.nil? - - powershell_script "create_ou_2012_#{new_resource.name}" do - code cmd +action :create do # ~FC017 + require 'chef/win32/version' + win_ver = Chef::ReservedNames::Win32::Version.new + if win_ver.windows_server_2008? || win_ver.windows_server_2008_r2? + windows_ad_ou_2008 new_resource.name do + action :create + ou new_resource.ou unless new_resource.ou.nil? + domain_name new_resource.domain_name + end + elsif Chef::Version.new(node['os_version']) >= Chef::Version.new('6.2') + windows_ad_ou_2012 new_resource.name do + action :create + path new_resource.ou unless new_resource.ou.nil? + domain_name new_resource.domain_name end - Chef::Log.info('The object has been created') + else + Chef::Log.error('This version of Windows is not supported') end end diff --git a/resources/ou_2012.rb b/resources/ou_2012.rb new file mode 100644 index 00000000..87522e14 --- /dev/null +++ b/resources/ou_2012.rb @@ -0,0 +1,59 @@ +# +# Author:: Derek Groh () +# Cookbook:: windows_ad +# Resource:: ou_2012 +# +# Copyright:: 2016, Texas A&M + +resource_name :windows_ad_ou_2012 +provides :windows_ad_ou_2012 + +default_action :create + +property :path, String +property :domain_name, String +property :options, Hash, default: {} +property :cmd_user, String +property :cmd_pass, String +property :cmd_domain, String + +action :create do + if exists? + Chef::Log.info('The object already exists') + else + cmd = 'New-ADOrganizationalUnit' + cmd << " -Name \"#{new_resource.name}\"" + cmd << " -Path \"#{dn}\"" unless new_resource.path.nil? + + powershell_script "create_ou_2012_#{new_resource.name}" do + code cmd + end + Chef::Log.info('The object has been created') + end +end + +action_class do + def dn + unless new_resource.path.nil? + dn = '' + dn << CmdHelper.ou_partial_dn(new_resource.path) << ',' + end + dn << CmdHelper.dc_partial_dn(new_resource.domain_name) + end + + def exists? + dc_partial_dn = CmdHelper.dc_partial_dn(new_resource.domain_name) + if new_resource.path.nil? + ldap = dc_partial_dn + else + ldap = CmdHelper.ou_partial_dn(new_resource.path) << ',' + ldap << dc_partial_dn + end + path = "OU=#{new_resource.name}," + path = path.gsub('/', '\/') if path.include?('/') + path << ldap + Chef::Log.info("path is #{path}") + check = CmdHelper.shell_out("powershell.exe \"[adsi]::Exists('LDAP://#{path}')\"", new_resource.cmd_user, new_resource.cmd_pass, new_resource.cmd_domain) + check.stdout.downcase.include?('true') + end +end From 79b68d9054bc6e7baef1205af217e21600e7f882 Mon Sep 17 00:00:00 2001 From: Derek Groh Date: Sun, 4 Jul 2021 18:42:03 -0500 Subject: [PATCH 32/73] remove reboot recipe --- .github/workflows/ci.yml | 4 ++-- test/cookbooks/windows_ad_test/recipes/reboot.rb | 11 ----------- test/integration/reboot/reboot_test.rb | 7 ------- 3 files changed, 2 insertions(+), 20 deletions(-) delete mode 100644 test/cookbooks/windows_ad_test/recipes/reboot.rb delete mode 100644 test/integration/reboot/reboot_test.rb diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 9b688963..2b8d9cea 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -44,7 +44,7 @@ jobs: suite: - 'default' - 'forest' - - 'reboot' + - 'objects' fail-fast: false steps: @@ -73,7 +73,7 @@ jobs: suite: - 'default' - 'forest' - - 'reboot' + - 'objects' fail-fast: false steps: diff --git a/test/cookbooks/windows_ad_test/recipes/reboot.rb b/test/cookbooks/windows_ad_test/recipes/reboot.rb deleted file mode 100644 index d80ebf45..00000000 --- a/test/cookbooks/windows_ad_test/recipes/reboot.rb +++ /dev/null @@ -1,11 +0,0 @@ -file 'C:\reboot.txt' do - notifies :reboot_now, 'reboot[now]', :immediately -end - -reboot 'now' do - action :nothing - reason 'Cannot continue Chef run without a reboot.' - delay_mins 1 -end - -file 'C:\rebootsuccess.txt' diff --git a/test/integration/reboot/reboot_test.rb b/test/integration/reboot/reboot_test.rb deleted file mode 100644 index e308ce91..00000000 --- a/test/integration/reboot/reboot_test.rb +++ /dev/null @@ -1,7 +0,0 @@ -describe file('c:\reboot.txt') do - it { should exist } -end - -describe file('c:\rebootsuccess.txt') do - it { should exist } -end From 06d05206da297771a76907c2ea3e300a47994c66 Mon Sep 17 00:00:00 2001 From: Derek Groh Date: Sun, 4 Jul 2021 18:42:03 -0500 Subject: [PATCH 33/73] Revert "remove reboot recipe" This reverts commit 79b68d9054bc6e7baef1205af217e21600e7f882. --- .github/workflows/ci.yml | 4 ++-- test/cookbooks/windows_ad_test/recipes/reboot.rb | 11 +++++++++++ test/integration/reboot/reboot_test.rb | 7 +++++++ 3 files changed, 20 insertions(+), 2 deletions(-) create mode 100644 test/cookbooks/windows_ad_test/recipes/reboot.rb create mode 100644 test/integration/reboot/reboot_test.rb diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 2b8d9cea..9b688963 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -44,7 +44,7 @@ jobs: suite: - 'default' - 'forest' - - 'objects' + - 'reboot' fail-fast: false steps: @@ -73,7 +73,7 @@ jobs: suite: - 'default' - 'forest' - - 'objects' + - 'reboot' fail-fast: false steps: diff --git a/test/cookbooks/windows_ad_test/recipes/reboot.rb b/test/cookbooks/windows_ad_test/recipes/reboot.rb new file mode 100644 index 00000000..d80ebf45 --- /dev/null +++ b/test/cookbooks/windows_ad_test/recipes/reboot.rb @@ -0,0 +1,11 @@ +file 'C:\reboot.txt' do + notifies :reboot_now, 'reboot[now]', :immediately +end + +reboot 'now' do + action :nothing + reason 'Cannot continue Chef run without a reboot.' + delay_mins 1 +end + +file 'C:\rebootsuccess.txt' diff --git a/test/integration/reboot/reboot_test.rb b/test/integration/reboot/reboot_test.rb new file mode 100644 index 00000000..e308ce91 --- /dev/null +++ b/test/integration/reboot/reboot_test.rb @@ -0,0 +1,7 @@ +describe file('c:\reboot.txt') do + it { should exist } +end + +describe file('c:\rebootsuccess.txt') do + it { should exist } +end From 0f05ec99d92eaf3e700d2bde5cb3d0b52f75430f Mon Sep 17 00:00:00 2001 From: Derek Groh Date: Sun, 4 Jul 2021 18:26:27 -0500 Subject: [PATCH 34/73] Revert "remove retry logic from default suite" This reverts commit 9aec3fabd59965e4d84bee512dd84cd4ac2edfc1. --- kitchen.yml | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/kitchen.yml b/kitchen.yml index 1c38ac05..516f2dd5 100644 --- a/kitchen.yml +++ b/kitchen.yml @@ -21,8 +21,8 @@ provisioner: - 4 # Exit, success, with a non-critical failure, need to reboot - 35 # 35 is the exit code signaling that the node is rebooting - 1190 # 1190 is the exit code signaling that a reboot is scheduled - # wait_for_retry: 500 # May need to increase depending on computing resources. - # max_retries: 1 + wait_for_retry: 500 # May need to increase depending on computing resources. + max_retries: 1 verifier: name: inspec @@ -60,9 +60,6 @@ suites: attributes: - name: forest - provisioner: - wait_for_retry: 500 # May need to increase depending on computing resources. - max_retries: 1 run_list: - recipe[windows_ad_test::setup_forest] verifier: @@ -71,9 +68,6 @@ suites: attributes: - name: objects - provisioner: - wait_for_retry: 500 # May need to increase depending on computing resources. - max_retries: 1 run_list: - recipe[windows_ad_test::setup_forest] - recipe[windows_ad_test::ou] @@ -85,3 +79,10 @@ suites: - test/integration/forest - test/integration/objects attributes: + + - name: reboot + run_list: + - recipe[windows_ad_test::reboot] + verifier: + inspec_tests: + - test/integration/reboot From 9c4824d88e75fc850dc94249277a2f04eaaab9f5 Mon Sep 17 00:00:00 2001 From: Derek Groh Date: Sun, 4 Jul 2021 18:55:17 -0500 Subject: [PATCH 35/73] objects --- .github/workflows/ci.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 9b688963..7cf5705a 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -45,6 +45,7 @@ jobs: - 'default' - 'forest' - 'reboot' + - 'objects' fail-fast: false steps: @@ -74,6 +75,7 @@ jobs: - 'default' - 'forest' - 'reboot' + - 'objects' fail-fast: false steps: From 3d37ee2fa954de5e7bf0d4a1d4b717fa487dea8f Mon Sep 17 00:00:00 2001 From: Derek Groh Date: Sun, 4 Jul 2021 19:08:26 -0500 Subject: [PATCH 36/73] add reboot guard --- test/cookbooks/windows_ad_test/recipes/reboot.rb | 1 + 1 file changed, 1 insertion(+) diff --git a/test/cookbooks/windows_ad_test/recipes/reboot.rb b/test/cookbooks/windows_ad_test/recipes/reboot.rb index d80ebf45..a19eb088 100644 --- a/test/cookbooks/windows_ad_test/recipes/reboot.rb +++ b/test/cookbooks/windows_ad_test/recipes/reboot.rb @@ -6,6 +6,7 @@ action :nothing reason 'Cannot continue Chef run without a reboot.' delay_mins 1 + not_if { ::File.exist?('C:\rebootsuccess.txt') } end file 'C:\rebootsuccess.txt' From a78aada116084905886752f8e41e49a476a7a760 Mon Sep 17 00:00:00 2001 From: Derek Groh Date: Sun, 4 Jul 2021 20:17:27 -0500 Subject: [PATCH 37/73] increase transport sleep 300 --- kitchen.exec.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kitchen.exec.yml b/kitchen.exec.yml index 13bb121c..539ddb68 100644 --- a/kitchen.exec.yml +++ b/kitchen.exec.yml @@ -5,7 +5,7 @@ driver: transport: name: exec # Prevent Winrm from failing out when DC is created. - connection_retry_sleep: 120 + connection_retry_sleep: 300 # When set to plaintext the winrm will run in one converge winrm_transport: plaintext From 835ae5f84073e6b4c1f7dddf5eec04e68f16604c Mon Sep 17 00:00:00 2001 From: Derek Groh Date: Sun, 4 Jul 2021 20:26:57 -0500 Subject: [PATCH 38/73] change guard --- test/cookbooks/windows_ad_test/recipes/reboot.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/cookbooks/windows_ad_test/recipes/reboot.rb b/test/cookbooks/windows_ad_test/recipes/reboot.rb index a19eb088..3e7feb03 100644 --- a/test/cookbooks/windows_ad_test/recipes/reboot.rb +++ b/test/cookbooks/windows_ad_test/recipes/reboot.rb @@ -5,8 +5,8 @@ reboot 'now' do action :nothing reason 'Cannot continue Chef run without a reboot.' - delay_mins 1 - not_if { ::File.exist?('C:\rebootsuccess.txt') } + delay_mins 5 + not_if { ::File.exist?('C:\reboot.txt') } end file 'C:\rebootsuccess.txt' From d8a22a8186902db55a4d9c5598ebef50e0156c19 Mon Sep 17 00:00:00 2001 From: Derek Groh Date: Sun, 4 Jul 2021 20:40:24 -0500 Subject: [PATCH 39/73] resource - restart true --- test/cookbooks/windows_ad_test/recipes/setup_forest.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/cookbooks/windows_ad_test/recipes/setup_forest.rb b/test/cookbooks/windows_ad_test/recipes/setup_forest.rb index 3791e042..009fc53a 100644 --- a/test/cookbooks/windows_ad_test/recipes/setup_forest.rb +++ b/test/cookbooks/windows_ad_test/recipes/setup_forest.rb @@ -10,7 +10,7 @@ domain_user 'Administrator' options('InstallDNS': nil) action :create - restart false + restart true notifies :reboot_now, 'reboot[now]', :immediately end From 5baaca0c8f10849a495f2bd736c2a4e63735db63 Mon Sep 17 00:00:00 2001 From: Derek Groh Date: Sun, 4 Jul 2021 21:42:39 -0500 Subject: [PATCH 40/73] resource false --- test/cookbooks/windows_ad_test/recipes/setup_forest.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/cookbooks/windows_ad_test/recipes/setup_forest.rb b/test/cookbooks/windows_ad_test/recipes/setup_forest.rb index 009fc53a..3791e042 100644 --- a/test/cookbooks/windows_ad_test/recipes/setup_forest.rb +++ b/test/cookbooks/windows_ad_test/recipes/setup_forest.rb @@ -10,7 +10,7 @@ domain_user 'Administrator' options('InstallDNS': nil) action :create - restart true + restart false notifies :reboot_now, 'reboot[now]', :immediately end From bb371b0622a36aec2161fb0b903b88a55a3fbf08 Mon Sep 17 00:00:00 2001 From: Derek Groh Date: Sun, 4 Jul 2021 22:27:13 -0500 Subject: [PATCH 41/73] reboot - 2nd file --- test/cookbooks/windows_ad_test/recipes/reboot.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/cookbooks/windows_ad_test/recipes/reboot.rb b/test/cookbooks/windows_ad_test/recipes/reboot.rb index 3e7feb03..cf7aa579 100644 --- a/test/cookbooks/windows_ad_test/recipes/reboot.rb +++ b/test/cookbooks/windows_ad_test/recipes/reboot.rb @@ -6,7 +6,7 @@ action :nothing reason 'Cannot continue Chef run without a reboot.' delay_mins 5 - not_if { ::File.exist?('C:\reboot.txt') } + not_if { ::File.exist?('C:\rebootsuccess.txt') } end file 'C:\rebootsuccess.txt' From 4d70c8069ce1a355c6d0262d1a5929606f228fc8 Mon Sep 17 00:00:00 2001 From: Derek Groh Date: Sun, 4 Jul 2021 22:33:56 -0500 Subject: [PATCH 42/73] yamllint --- kitchen.exec.yml | 14 +++++++------- kitchen.yml | 16 ++++++++-------- 2 files changed, 15 insertions(+), 15 deletions(-) diff --git a/kitchen.exec.yml b/kitchen.exec.yml index 539ddb68..a2dc14c0 100644 --- a/kitchen.exec.yml +++ b/kitchen.exec.yml @@ -14,13 +14,13 @@ provisioner: deprecations_as_errors: true retry_on_exit_code: - 0 - - 1 # Exit, success: You still must reboot - - 2 # Exit, success, need to reboot - - 3 # Exit, success, with a non-critical failure - - 4 # Exit, success, with a non-critical failure, need to reboot - - 35 # 35 is the exit code signaling that the node is rebooting - - 1190 #1190 is the exit code signaling that a reboot is scheduled - wait_for_retry: 500 # May need to increase depending on computing resources. + - 1 # Exit, success: You still must reboot + - 2 # Exit, success, need to reboot + - 3 # Exit, success, with a non-critical failure + - 4 # Exit, success, with a non-critical failure, need to reboot + - 35 # 35 is the exit code signaling that the node is rebooting + - 1190 # 1190 is the exit code signaling that a reboot is scheduled + wait_for_retry: 500 # May need to increase depending on computing resources. max_retries: 1 platforms: diff --git a/kitchen.yml b/kitchen.yml index 516f2dd5..3992c1af 100644 --- a/kitchen.yml +++ b/kitchen.yml @@ -10,18 +10,18 @@ provisioner: deprecations_as_errors: true chef_license: accept-no-persist product_name: chef - product_version: '16' # <%= ENV['CHEF_VERSION'] || 'latest' %> + product_version: '16' # <%= ENV['CHEF_VERSION'] || 'latest' %> # log_level: debug install_strategy: once retry_on_exit_code: - 0 - - 1 # Exit, success: You still must reboot - - 2 # Exit, success, need to reboot - - 3 # Exit, success, with a non-critical failure - - 4 # Exit, success, with a non-critical failure, need to reboot - - 35 # 35 is the exit code signaling that the node is rebooting - - 1190 # 1190 is the exit code signaling that a reboot is scheduled - wait_for_retry: 500 # May need to increase depending on computing resources. + - 1 # Exit, success: You still must reboot + - 2 # Exit, success, need to reboot + - 3 # Exit, success, with a non-critical failure + - 4 # Exit, success, with a non-critical failure, need to reboot + - 35 # 35 is the exit code signaling that the node is rebooting + - 1190 # 1190 is the exit code signaling that a reboot is scheduled + wait_for_retry: 500 # May need to increase depending on computing resources. max_retries: 1 verifier: From 85b0f5a765aab12ca6823cdbf7fad27d1c059499 Mon Sep 17 00:00:00 2001 From: Derek Groh Date: Mon, 5 Jul 2021 00:45:07 -0500 Subject: [PATCH 43/73] increase timeout and retry count --- kitchen.exec.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/kitchen.exec.yml b/kitchen.exec.yml index a2dc14c0..1caf2b4d 100644 --- a/kitchen.exec.yml +++ b/kitchen.exec.yml @@ -20,8 +20,8 @@ provisioner: - 4 # Exit, success, with a non-critical failure, need to reboot - 35 # 35 is the exit code signaling that the node is rebooting - 1190 # 1190 is the exit code signaling that a reboot is scheduled - wait_for_retry: 500 # May need to increase depending on computing resources. - max_retries: 1 + wait_for_retry: 600 # May need to increase depending on computing resources. + max_retries: 2 platforms: - name: windows-2016 From 13b3a43a7e3e838297f42e575224607075aa5cc3 Mon Sep 17 00:00:00 2001 From: Derek Groh Date: Mon, 5 Jul 2021 09:00:26 -0500 Subject: [PATCH 44/73] lower reboot timer to 1 --- test/cookbooks/windows_ad_test/recipes/reboot.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/cookbooks/windows_ad_test/recipes/reboot.rb b/test/cookbooks/windows_ad_test/recipes/reboot.rb index cf7aa579..a19eb088 100644 --- a/test/cookbooks/windows_ad_test/recipes/reboot.rb +++ b/test/cookbooks/windows_ad_test/recipes/reboot.rb @@ -5,7 +5,7 @@ reboot 'now' do action :nothing reason 'Cannot continue Chef run without a reboot.' - delay_mins 5 + delay_mins 1 not_if { ::File.exist?('C:\rebootsuccess.txt') } end From c9815a35cc343910575f5e7d80dec899cfe74b4a Mon Sep 17 00:00:00 2001 From: Derek Groh Date: Mon, 5 Jul 2021 09:58:17 -0500 Subject: [PATCH 45/73] debug logging --- kitchen.exec.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/kitchen.exec.yml b/kitchen.exec.yml index 1caf2b4d..912c7bed 100644 --- a/kitchen.exec.yml +++ b/kitchen.exec.yml @@ -12,6 +12,7 @@ transport: provisioner: name: chef_zero deprecations_as_errors: true + log_level: debug retry_on_exit_code: - 0 - 1 # Exit, success: You still must reboot From b3c509490e876ce6963fc922a762af4815fdeece Mon Sep 17 00:00:00 2001 From: Derek Groh Date: Mon, 30 Aug 2021 10:13:10 -0500 Subject: [PATCH 46/73] unified mode --- resources/ou.rb | 4 +++- resources/ou_2012.rb | 2 ++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/resources/ou.rb b/resources/ou.rb index 54766296..8fb9caaa 100644 --- a/resources/ou.rb +++ b/resources/ou.rb @@ -17,7 +17,9 @@ property :cmd_pass, String property :cmd_domain, String -action :create do # ~FC017 +unified_mode true + +action :create do require 'chef/win32/version' win_ver = Chef::ReservedNames::Win32::Version.new if win_ver.windows_server_2008? || win_ver.windows_server_2008_r2? diff --git a/resources/ou_2012.rb b/resources/ou_2012.rb index 87522e14..5be79d7f 100644 --- a/resources/ou_2012.rb +++ b/resources/ou_2012.rb @@ -17,6 +17,8 @@ property :cmd_pass, String property :cmd_domain, String +unified_mode true + action :create do if exists? Chef::Log.info('The object already exists') From 4fed28c28753b12d137e10cbb72b4bcc56160d30 Mon Sep 17 00:00:00 2001 From: Derek Groh Date: Mon, 30 Aug 2021 12:27:45 -0500 Subject: [PATCH 47/73] use windows_feature_dism --- recipes/default.rb | 1 + 1 file changed, 1 insertion(+) diff --git a/recipes/default.rb b/recipes/default.rb index d3f7e7a8..e91c742a 100644 --- a/recipes/default.rb +++ b/recipes/default.rb @@ -38,6 +38,7 @@ ).each do |feature| windows_feature feature do action :install + install_method :windows_feature_dism all true end end From 8c6f69327f99ca629abe004ef87dbe1865fd576a Mon Sep 17 00:00:00 2001 From: Derek Groh Date: Mon, 30 Aug 2021 15:18:40 -0500 Subject: [PATCH 48/73] reboot testing no supported on github actions --- .appveyor.yml | 39 +++++++++++++++++++++++ .github/workflows/ci.yml | 6 ---- kitchen.appyeyor.yml | 69 ++++++++++++++++++++++++++++++++++++++++ kitchen.exec.yml | 14 -------- 4 files changed, 108 insertions(+), 20 deletions(-) create mode 100644 .appveyor.yml create mode 100644 kitchen.appyeyor.yml diff --git a/.appveyor.yml b/.appveyor.yml new file mode 100644 index 00000000..67c24e11 --- /dev/null +++ b/.appveyor.yml @@ -0,0 +1,39 @@ +environment: + machine_user: vagrant + machine_pass: vagrant + KITCHEN_YAML: .kitchen.appveyor.yml + +branches: + only: + - master + +# Do not build on tags (GitHub only) +skip_tags: true + +#faster cloning +clone_depth: 1 + +# Install the latest nightly of ChefDK +install: + - ps: (& cmd /c); iex (irm https://omnitruck.chef.io/install.ps1); Install-Project -Project chefdk -channel current + - ps: 'Get-CimInstance win32_operatingsystem -Property Caption, OSArchitecture, Version | fl Caption, OSArchitecture, Version' + - ps: $PSVersionTable + - ps: $env:CHEF_LICENSE="accept" + - c:\opscode\chefdk\bin\chef.bat exec ruby --version + - ps: secedit /export /cfg $env:temp/export.cfg + - ps: ((get-content $env:temp/export.cfg) -replace ('PasswordComplexity = 1', 'PasswordComplexity = 0')) | Out-File $env:temp/export.cfg + - ps: ((get-content $env:temp/export.cfg) -replace ('MinimumPasswordLength = 8', 'MinimumPasswordLength = 0')) | Out-File $env:temp/export.cfg + - ps: secedit /configure /db $env:windir/security/new.sdb /cfg $env:temp/export.cfg /areas SECURITYPOLICY + - ps: net user /add $env:machine_user $env:machine_pass + - ps: net localgroup administrators $env:machine_user /add + +build_script: + - ps: c:\opscode\chefdk\bin\chef.bat shell-init powershell | iex; cmd /c c:\opscode\chefdk\bin\chef.bat --version + +test_script: + - c:\opscode\chefdk\bin\cookstyle --version + - c:\opscode\chefdk\bin\chef.bat exec foodcritic --version + - c:\opscode\chefdk\bin\chef.bat exec delivery local all + - c:\opscode\chefdk\bin\chef.bat exec kitchen verify + +deploy: off diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 7cf5705a..6b3a6c6a 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -43,9 +43,6 @@ jobs: - 'windows-2016' suite: - 'default' - - 'forest' - - 'reboot' - - 'objects' fail-fast: false steps: @@ -73,9 +70,6 @@ jobs: - 'windows-2019' suite: - 'default' - - 'forest' - - 'reboot' - - 'objects' fail-fast: false steps: diff --git a/kitchen.appyeyor.yml b/kitchen.appyeyor.yml new file mode 100644 index 00000000..15a39e89 --- /dev/null +++ b/kitchen.appyeyor.yml @@ -0,0 +1,69 @@ +--- +driver: + name: proxy + host: localhost + reset_command: "exit 0" + port: 5985 + username: <%= ENV["machine_user"] %> + password: <%= ENV["machine_pass"] %> + +provisioner: + name: chef_zero + client_rb: + chef_license: accept + retry_on_exit_code: + - 0 + - 1 # Exit, success: You still must reboot, this just notes that the automatic restart flag was removed + - 2 # Exit, success, need to reboot + - 3 # Exit, success, with a non-critical failure: Typically seen when returning the DNS Delegation warning. + - 4 # Exit, success, with a non-critical failure, need to reboot: Typically seen when returning the DNS Delegation warning. + - 35 # 35 is the exit code signaling that the node is rebooting + - 1190 #1190 is the exit code signaling that a reboot is scheduled + wait_for_retry: 600 # May need to increase depending on computing resources. + max_retries: 1 + +verifier: + name: inspec + +transport: + connection_retry_sleep: 300 # Prevent Winrm from failing out when DC is created. + winrm_transport: plaintext # When set to plaintext the winrm will run in one converge + +platforms: + - name: windows-2012r2 + driver: + box: tas50/windows_2012r2 + customize: + memory: 2048 + - name: windows-2016 + driver: + box: tas50/windows_2016 + customize: + memory: 2048 + - name: windows-2019 + driver: + box: tas50/windows_2016 + customize: + memory: 2048 + +suites: + - name: default + run_list: + - recipe[windows_ad::default] + verifier: + inspec_tests: + - test/integration/default + attributes: + +# - name: objects +# run_list: +# - recipe[windows_ad_test::setup_forest] +# - recipe[windows_ad_test::ou] +# - recipe[windows_ad_test::group] +# - recipe[windows_ad_test::user] +# verifier: +# inspec_tests: +# - test/integration/default +# - test/integration/forest +# - test/integration/objects +# attributes: diff --git a/kitchen.exec.yml b/kitchen.exec.yml index 912c7bed..557ff3fd 100644 --- a/kitchen.exec.yml +++ b/kitchen.exec.yml @@ -4,25 +4,11 @@ driver: transport: name: exec - # Prevent Winrm from failing out when DC is created. - connection_retry_sleep: 300 - # When set to plaintext the winrm will run in one converge - winrm_transport: plaintext provisioner: name: chef_zero deprecations_as_errors: true log_level: debug - retry_on_exit_code: - - 0 - - 1 # Exit, success: You still must reboot - - 2 # Exit, success, need to reboot - - 3 # Exit, success, with a non-critical failure - - 4 # Exit, success, with a non-critical failure, need to reboot - - 35 # 35 is the exit code signaling that the node is rebooting - - 1190 # 1190 is the exit code signaling that a reboot is scheduled - wait_for_retry: 600 # May need to increase depending on computing resources. - max_retries: 2 platforms: - name: windows-2016 From e3d2073f046ac76ecee1b20a08864e6799e6a585 Mon Sep 17 00:00:00 2001 From: Derek Groh Date: Mon, 30 Aug 2021 15:28:21 -0500 Subject: [PATCH 49/73] use chefworkstation --- .appveyor.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.appveyor.yml b/.appveyor.yml index 67c24e11..9a7ef340 100644 --- a/.appveyor.yml +++ b/.appveyor.yml @@ -13,13 +13,13 @@ skip_tags: true #faster cloning clone_depth: 1 -# Install the latest nightly of ChefDK +# Install the latest nightly of ChefWorkstation install: - - ps: (& cmd /c); iex (irm https://omnitruck.chef.io/install.ps1); Install-Project -Project chefdk -channel current + - ps: (& cmd /c); iex (irm https://omnitruck.chef.io/install.ps1); Install-Project -Project chefworkstation -channel current - ps: 'Get-CimInstance win32_operatingsystem -Property Caption, OSArchitecture, Version | fl Caption, OSArchitecture, Version' - ps: $PSVersionTable - ps: $env:CHEF_LICENSE="accept" - - c:\opscode\chefdk\bin\chef.bat exec ruby --version + - c:\opscode\chefworkstation\bin\chef.bat exec ruby --version - ps: secedit /export /cfg $env:temp/export.cfg - ps: ((get-content $env:temp/export.cfg) -replace ('PasswordComplexity = 1', 'PasswordComplexity = 0')) | Out-File $env:temp/export.cfg - ps: ((get-content $env:temp/export.cfg) -replace ('MinimumPasswordLength = 8', 'MinimumPasswordLength = 0')) | Out-File $env:temp/export.cfg From e006f155d1873f25714e6d19e4e76f4a0afd29dd Mon Sep 17 00:00:00 2001 From: Derek Groh Date: Mon, 30 Aug 2021 17:27:01 -0500 Subject: [PATCH 50/73] yamllint --- .appveyor.yml | 5 +++-- .rubocop.yml | 1 + kitchen.appyeyor.yml | 18 +++++++++--------- 3 files changed, 13 insertions(+), 11 deletions(-) diff --git a/.appveyor.yml b/.appveyor.yml index 9a7ef340..26633aa4 100644 --- a/.appveyor.yml +++ b/.appveyor.yml @@ -1,3 +1,4 @@ +--- environment: machine_user: vagrant machine_pass: vagrant @@ -10,7 +11,7 @@ branches: # Do not build on tags (GitHub only) skip_tags: true -#faster cloning +# faster cloning clone_depth: 1 # Install the latest nightly of ChefWorkstation @@ -36,4 +37,4 @@ test_script: - c:\opscode\chefdk\bin\chef.bat exec delivery local all - c:\opscode\chefdk\bin\chef.bat exec kitchen verify -deploy: off +deploy: false diff --git a/.rubocop.yml b/.rubocop.yml index 3bcfae7f..07dfacac 100644 --- a/.rubocop.yml +++ b/.rubocop.yml @@ -1,2 +1,3 @@ +--- Lint/ParenthesesAsGroupedExpression: Enabled: false diff --git a/kitchen.appyeyor.yml b/kitchen.appyeyor.yml index 15a39e89..f056a85e 100644 --- a/kitchen.appyeyor.yml +++ b/kitchen.appyeyor.yml @@ -13,21 +13,21 @@ provisioner: chef_license: accept retry_on_exit_code: - 0 - - 1 # Exit, success: You still must reboot, this just notes that the automatic restart flag was removed - - 2 # Exit, success, need to reboot - - 3 # Exit, success, with a non-critical failure: Typically seen when returning the DNS Delegation warning. - - 4 # Exit, success, with a non-critical failure, need to reboot: Typically seen when returning the DNS Delegation warning. - - 35 # 35 is the exit code signaling that the node is rebooting - - 1190 #1190 is the exit code signaling that a reboot is scheduled - wait_for_retry: 600 # May need to increase depending on computing resources. + - 1 # Exit, success: You still must reboot, this just notes that the automatic restart flag was removed + - 2 # Exit, success, need to reboot + - 3 # Exit, success, with a non-critical failure: Typically seen when returning the DNS Delegation warning. + - 4 # Exit, success, with a non-critical failure, need to reboot: Typically seen when returning the DNS Delegation warning. + - 35 # 35 is the exit code signaling that the node is rebooting + - 1190 # 1190 is the exit code signaling that a reboot is scheduled + wait_for_retry: 600 # May need to increase depending on computing resources. max_retries: 1 verifier: name: inspec transport: - connection_retry_sleep: 300 # Prevent Winrm from failing out when DC is created. - winrm_transport: plaintext # When set to plaintext the winrm will run in one converge + connection_retry_sleep: 300 # Prevent Winrm from failing out when DC is created. + winrm_transport: plaintext # When set to plaintext the winrm will run in one converge platforms: - name: windows-2012r2 From e02cc5e5a6b16c87abd13234ab76fc38969c1a92 Mon Sep 17 00:00:00 2001 From: Derek Groh Date: Mon, 30 Aug 2021 17:42:41 -0500 Subject: [PATCH 51/73] typo --- .appveyor.yml | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/.appveyor.yml b/.appveyor.yml index 26633aa4..4b77704e 100644 --- a/.appveyor.yml +++ b/.appveyor.yml @@ -16,11 +16,10 @@ clone_depth: 1 # Install the latest nightly of ChefWorkstation install: - - ps: (& cmd /c); iex (irm https://omnitruck.chef.io/install.ps1); Install-Project -Project chefworkstation -channel current + - ps: (& cmd /c); iex (irm https://omnitruck.chef.io/install.ps1); Install-Project -Project chef-workstation -channel current - ps: 'Get-CimInstance win32_operatingsystem -Property Caption, OSArchitecture, Version | fl Caption, OSArchitecture, Version' - ps: $PSVersionTable - ps: $env:CHEF_LICENSE="accept" - - c:\opscode\chefworkstation\bin\chef.bat exec ruby --version - ps: secedit /export /cfg $env:temp/export.cfg - ps: ((get-content $env:temp/export.cfg) -replace ('PasswordComplexity = 1', 'PasswordComplexity = 0')) | Out-File $env:temp/export.cfg - ps: ((get-content $env:temp/export.cfg) -replace ('MinimumPasswordLength = 8', 'MinimumPasswordLength = 0')) | Out-File $env:temp/export.cfg @@ -29,12 +28,12 @@ install: - ps: net localgroup administrators $env:machine_user /add build_script: - - ps: c:\opscode\chefdk\bin\chef.bat shell-init powershell | iex; cmd /c c:\opscode\chefdk\bin\chef.bat --version + - ps: c:\opscode\chef-workstation\bin\chef.bat shell-init powershell | iex; cmd /c c:\opscode\chef-workstation\bin\chef.bat --version test_script: - - c:\opscode\chefdk\bin\cookstyle --version - - c:\opscode\chefdk\bin\chef.bat exec foodcritic --version - - c:\opscode\chefdk\bin\chef.bat exec delivery local all - - c:\opscode\chefdk\bin\chef.bat exec kitchen verify + - c:\opscode\chef-workstation\bin\cookstyle --version + - c:\opscode\chef-workstation\bin\chef.bat exec foodcritic --version + - c:\opscode\chef-workstation\bin\chef.bat exec delivery local all + - c:\opscode\chef-workstation\bin\chef.bat exec kitchen verify deploy: false From 6d12dd4c90fd5e9d426efe0b68cfe9eb27bf32e8 Mon Sep 17 00:00:00 2001 From: Derek Groh Date: Mon, 30 Aug 2021 18:49:42 -0500 Subject: [PATCH 52/73] chef.exe --- .appveyor.yml | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/.appveyor.yml b/.appveyor.yml index 4b77704e..754ced13 100644 --- a/.appveyor.yml +++ b/.appveyor.yml @@ -28,12 +28,10 @@ install: - ps: net localgroup administrators $env:machine_user /add build_script: - - ps: c:\opscode\chef-workstation\bin\chef.bat shell-init powershell | iex; cmd /c c:\opscode\chef-workstation\bin\chef.bat --version + - ps: c:\opscode\chef-workstation\bin\chef.exe shell-init powershell | iex; cmd /c c:\opscode\chef-workstation\bin\chef.exe --version test_script: - - c:\opscode\chef-workstation\bin\cookstyle --version - - c:\opscode\chef-workstation\bin\chef.bat exec foodcritic --version - - c:\opscode\chef-workstation\bin\chef.bat exec delivery local all - - c:\opscode\chef-workstation\bin\chef.bat exec kitchen verify + - c:\opscode\chef-workstation\bin\chef.exe exec delivery local all + - c:\opscode\chef-workstation\bin\chef.exe exec kitchen verify deploy: false From 265e5befa1b4f4cd1b1dbd1757df39c6fd2eea58 Mon Sep 17 00:00:00 2001 From: Derek Groh Date: Mon, 30 Aug 2021 19:04:49 -0500 Subject: [PATCH 53/73] remove build script --- .appveyor.yml | 3 --- 1 file changed, 3 deletions(-) diff --git a/.appveyor.yml b/.appveyor.yml index 754ced13..a8180269 100644 --- a/.appveyor.yml +++ b/.appveyor.yml @@ -27,9 +27,6 @@ install: - ps: net user /add $env:machine_user $env:machine_pass - ps: net localgroup administrators $env:machine_user /add -build_script: - - ps: c:\opscode\chef-workstation\bin\chef.exe shell-init powershell | iex; cmd /c c:\opscode\chef-workstation\bin\chef.exe --version - test_script: - c:\opscode\chef-workstation\bin\chef.exe exec delivery local all - c:\opscode\chef-workstation\bin\chef.exe exec kitchen verify From dfb693f451fdfa634618a430e8fd37016ba59593 Mon Sep 17 00:00:00 2001 From: Derek Groh Date: Mon, 30 Aug 2021 19:04:49 -0500 Subject: [PATCH 54/73] Revert "remove build script" This reverts commit 265e5befa1b4f4cd1b1dbd1757df39c6fd2eea58. From 181e88f54e71360a401534c302df1a25402fcc26 Mon Sep 17 00:00:00 2001 From: Derek Groh Date: Sat, 4 Sep 2021 08:45:24 -0500 Subject: [PATCH 55/73] appveyor updates --- .appveyor.yml | 10 ++++++++++ kitchen.appyeyor.yml | 40 ++++++++++++++++++++++++++++------------ 2 files changed, 38 insertions(+), 12 deletions(-) diff --git a/.appveyor.yml b/.appveyor.yml index a8180269..ac3f3c53 100644 --- a/.appveyor.yml +++ b/.appveyor.yml @@ -1,7 +1,14 @@ --- +version: "build-{build}" + +os: Windows Server 2012 R2 +platform: + - x64 + environment: machine_user: vagrant machine_pass: vagrant + machine_port: 5985 KITCHEN_YAML: .kitchen.appveyor.yml branches: @@ -27,6 +34,9 @@ install: - ps: net user /add $env:machine_user $env:machine_pass - ps: net localgroup administrators $env:machine_user /add +build_script: + - ps: c:\opscode\chefdk\bin\chef.bat shell-init powershell | iex; cmd /c c:\opscode\chefdk\bin\chef.bat --version + test_script: - c:\opscode\chef-workstation\bin\chef.exe exec delivery local all - c:\opscode\chef-workstation\bin\chef.exe exec kitchen verify diff --git a/kitchen.appyeyor.yml b/kitchen.appyeyor.yml index f056a85e..8ee3bfae 100644 --- a/kitchen.appyeyor.yml +++ b/kitchen.appyeyor.yml @@ -55,15 +55,31 @@ suites: - test/integration/default attributes: -# - name: objects -# run_list: -# - recipe[windows_ad_test::setup_forest] -# - recipe[windows_ad_test::ou] -# - recipe[windows_ad_test::group] -# - recipe[windows_ad_test::user] -# verifier: -# inspec_tests: -# - test/integration/default -# - test/integration/forest -# - test/integration/objects -# attributes: + - name: forest + run_list: + - recipe[windows_ad_test::setup_forest] + verifier: + inspec_tests: + - test/integration/forest + attributes: + + - name: objects + run_list: + - recipe[windows_ad_test::setup_forest] + - recipe[windows_ad_test::ou] + - recipe[windows_ad_test::group] + - recipe[windows_ad_test::user] + verifier: + inspec_tests: + - test/integration/default + - test/integration/forest + - test/integration/objects + attributes: + + - name: reboot + run_list: + - recipe[windows_ad_test::reboot] + verifier: + inspec_tests: + - test/integration/reboot + From 447188fda01499e4f065cb1ee670fb5342391fb2 Mon Sep 17 00:00:00 2001 From: Derek Groh Date: Sat, 4 Sep 2021 08:49:31 -0500 Subject: [PATCH 56/73] exe instead of bat --- .appveyor.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.appveyor.yml b/.appveyor.yml index ac3f3c53..2f7ad200 100644 --- a/.appveyor.yml +++ b/.appveyor.yml @@ -35,7 +35,7 @@ install: - ps: net localgroup administrators $env:machine_user /add build_script: - - ps: c:\opscode\chefdk\bin\chef.bat shell-init powershell | iex; cmd /c c:\opscode\chefdk\bin\chef.bat --version + - ps: c:\opscode\chefdk\bin\chef.exe shell-init powershell | iex; cmd /c c:\opscode\chefdk\bin\chef.exe --version test_script: - c:\opscode\chef-workstation\bin\chef.exe exec delivery local all From 0f1687b69975b2a04a946f29761c6997a584832f Mon Sep 17 00:00:00 2001 From: Derek Groh Date: Sat, 4 Sep 2021 09:10:23 -0500 Subject: [PATCH 57/73] chef-workstation instead of chefdk --- .appveyor.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.appveyor.yml b/.appveyor.yml index 2f7ad200..724f05c5 100644 --- a/.appveyor.yml +++ b/.appveyor.yml @@ -1,7 +1,7 @@ --- version: "build-{build}" -os: Windows Server 2012 R2 +os: Windows Server 2019 platform: - x64 @@ -35,7 +35,7 @@ install: - ps: net localgroup administrators $env:machine_user /add build_script: - - ps: c:\opscode\chefdk\bin\chef.exe shell-init powershell | iex; cmd /c c:\opscode\chefdk\bin\chef.exe --version + - ps: c:\opscode\chef-workstation\bin\chef.exe shell-init powershell | iex; cmd /c c:\opscode\chef-workstation\bin\chef.exe --version test_script: - c:\opscode\chef-workstation\bin\chef.exe exec delivery local all From 0aef2bb83a1e1c5a777e93dad040cb7c5e6f1cd1 Mon Sep 17 00:00:00 2001 From: Derek Groh Date: Sat, 4 Sep 2021 09:13:16 -0500 Subject: [PATCH 58/73] windows server 2012r2 --- .appveyor.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.appveyor.yml b/.appveyor.yml index 724f05c5..30eca33b 100644 --- a/.appveyor.yml +++ b/.appveyor.yml @@ -1,7 +1,7 @@ --- version: "build-{build}" -os: Windows Server 2019 +os: Windows Server 2012 R2 platform: - x64 From 2d653531537431cc38efdb1ebfb17038c546f3bf Mon Sep 17 00:00:00 2001 From: Derek Groh Date: Sat, 4 Sep 2021 09:37:36 -0500 Subject: [PATCH 59/73] simple build script --- .appveyor.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.appveyor.yml b/.appveyor.yml index 30eca33b..2d13255f 100644 --- a/.appveyor.yml +++ b/.appveyor.yml @@ -35,7 +35,7 @@ install: - ps: net localgroup administrators $env:machine_user /add build_script: - - ps: c:\opscode\chef-workstation\bin\chef.exe shell-init powershell | iex; cmd /c c:\opscode\chef-workstation\bin\chef.exe --version + - ps: c:\opscode\chef-workstation\bin\chef.exe --version test_script: - c:\opscode\chef-workstation\bin\chef.exe exec delivery local all From f61557a5b94628d75fb0509972390d8a19ae866f Mon Sep 17 00:00:00 2001 From: Derek Groh Date: Sat, 4 Sep 2021 10:02:12 -0500 Subject: [PATCH 60/73] add chef-workstation to path --- .appveyor.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.appveyor.yml b/.appveyor.yml index 2d13255f..4f78cf2d 100644 --- a/.appveyor.yml +++ b/.appveyor.yml @@ -33,6 +33,7 @@ install: - ps: secedit /configure /db $env:windir/security/new.sdb /cfg $env:temp/export.cfg /areas SECURITYPOLICY - ps: net user /add $env:machine_user $env:machine_pass - ps: net localgroup administrators $env:machine_user /add + - ps: $env:Path += ";c:\opscode\chef-workstation\bin\" build_script: - ps: c:\opscode\chef-workstation\bin\chef.exe --version From 3d129332db4403dc0e9684f10ed4ff533c6218b9 Mon Sep 17 00:00:00 2001 From: Derek Groh Date: Sat, 4 Sep 2021 10:06:07 -0500 Subject: [PATCH 61/73] use kitchen.appveyor.yml --- .appveyor.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.appveyor.yml b/.appveyor.yml index 4f78cf2d..8b79b6a5 100644 --- a/.appveyor.yml +++ b/.appveyor.yml @@ -9,7 +9,7 @@ environment: machine_user: vagrant machine_pass: vagrant machine_port: 5985 - KITCHEN_YAML: .kitchen.appveyor.yml + KITCHEN_YAML: kitchen.appveyor.yml branches: only: From 2f4b3dfe6f53d0a8eba8bad70390a1ec8f339ba2 Mon Sep 17 00:00:00 2001 From: Derek Groh Date: Sat, 4 Sep 2021 10:09:44 -0500 Subject: [PATCH 62/73] debug - file does not exist --- .appveyor.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.appveyor.yml b/.appveyor.yml index 8b79b6a5..34d73b7a 100644 --- a/.appveyor.yml +++ b/.appveyor.yml @@ -34,6 +34,7 @@ install: - ps: net user /add $env:machine_user $env:machine_pass - ps: net localgroup administrators $env:machine_user /add - ps: $env:Path += ";c:\opscode\chef-workstation\bin\" + - ps: Get-ChildItem c:\projects\cookbook-windows-ad/ build_script: - ps: c:\opscode\chef-workstation\bin\chef.exe --version From 6b5a036debf360d1d5988ef81e334b4924a7ad10 Mon Sep 17 00:00:00 2001 From: Derek Groh Date: Sat, 4 Sep 2021 10:12:51 -0500 Subject: [PATCH 63/73] rename file --- kitchen.appyeyor.yml => kitchen.appveyor.yml | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename kitchen.appyeyor.yml => kitchen.appveyor.yml (100%) diff --git a/kitchen.appyeyor.yml b/kitchen.appveyor.yml similarity index 100% rename from kitchen.appyeyor.yml rename to kitchen.appveyor.yml From 1289deaf67792986a7e4ec810b739dcb30448336 Mon Sep 17 00:00:00 2001 From: Derek Groh Date: Sat, 4 Sep 2021 11:34:01 -0500 Subject: [PATCH 64/73] single test --- .appveyor.yml | 7 ++--- kitchen.appveyor.yml | 74 ++++++++++++++++++++++---------------------- 2 files changed, 40 insertions(+), 41 deletions(-) diff --git a/.appveyor.yml b/.appveyor.yml index 34d73b7a..a64a0e59 100644 --- a/.appveyor.yml +++ b/.appveyor.yml @@ -1,9 +1,9 @@ --- version: "build-{build}" -os: Windows Server 2012 R2 -platform: - - x64 +#os: Windows Server 2012 R2 +#platform: +# - x64 environment: machine_user: vagrant @@ -34,7 +34,6 @@ install: - ps: net user /add $env:machine_user $env:machine_pass - ps: net localgroup administrators $env:machine_user /add - ps: $env:Path += ";c:\opscode\chef-workstation\bin\" - - ps: Get-ChildItem c:\projects\cookbook-windows-ad/ build_script: - ps: c:\opscode\chef-workstation\bin\chef.exe --version diff --git a/kitchen.appveyor.yml b/kitchen.appveyor.yml index 8ee3bfae..934720e5 100644 --- a/kitchen.appveyor.yml +++ b/kitchen.appveyor.yml @@ -35,16 +35,16 @@ platforms: box: tas50/windows_2012r2 customize: memory: 2048 - - name: windows-2016 - driver: - box: tas50/windows_2016 - customize: - memory: 2048 - - name: windows-2019 - driver: - box: tas50/windows_2016 - customize: - memory: 2048 +# - name: windows-2016 +# driver: +# box: tas50/windows_2016 +# customize: +# memory: 2048 +# - name: windows-2019 +# driver: +# box: tas50/windows_2016 +# customize: +# memory: 2048 suites: - name: default @@ -55,31 +55,31 @@ suites: - test/integration/default attributes: - - name: forest - run_list: - - recipe[windows_ad_test::setup_forest] - verifier: - inspec_tests: - - test/integration/forest - attributes: - - - name: objects - run_list: - - recipe[windows_ad_test::setup_forest] - - recipe[windows_ad_test::ou] - - recipe[windows_ad_test::group] - - recipe[windows_ad_test::user] - verifier: - inspec_tests: - - test/integration/default - - test/integration/forest - - test/integration/objects - attributes: - - - name: reboot - run_list: - - recipe[windows_ad_test::reboot] - verifier: - inspec_tests: - - test/integration/reboot +# - name: forest +# run_list: +# - recipe[windows_ad_test::setup_forest] +# verifier: +# inspec_tests: +# - test/integration/forest +# attributes: +# +# - name: objects +# run_list: +# - recipe[windows_ad_test::setup_forest] +# - recipe[windows_ad_test::ou] +# - recipe[windows_ad_test::group] +# - recipe[windows_ad_test::user] +# verifier: +# inspec_tests: +# - test/integration/default +# - test/integration/forest +# - test/integration/objects +# attributes: +# +# - name: reboot +# run_list: +# - recipe[windows_ad_test::reboot] +# verifier: +# inspec_tests: +# - test/integration/reboot From c528b9b34ac554b55c8225a45ab511858bd81b36 Mon Sep 17 00:00:00 2001 From: Derek Groh Date: Sat, 4 Sep 2021 12:13:38 -0500 Subject: [PATCH 65/73] log level - debug --- .appveyor.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.appveyor.yml b/.appveyor.yml index a64a0e59..13b3e551 100644 --- a/.appveyor.yml +++ b/.appveyor.yml @@ -13,7 +13,7 @@ environment: branches: only: - - master + - main # Do not build on tags (GitHub only) skip_tags: true @@ -40,6 +40,6 @@ build_script: test_script: - c:\opscode\chef-workstation\bin\chef.exe exec delivery local all - - c:\opscode\chef-workstation\bin\chef.exe exec kitchen verify + - c:\opscode\chef-workstation\bin\chef.exe exec kitchen test --log-level debug deploy: false From 833ff5ec6b33a8bb97b2a7e386c1544f82c5d662 Mon Sep 17 00:00:00 2001 From: Derek Groh Date: Thu, 9 Sep 2021 23:16:10 -0500 Subject: [PATCH 66/73] add images --- .appveyor.yml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/.appveyor.yml b/.appveyor.yml index 13b3e551..7e909413 100644 --- a/.appveyor.yml +++ b/.appveyor.yml @@ -10,6 +10,7 @@ environment: machine_pass: vagrant machine_port: 5985 KITCHEN_YAML: kitchen.appveyor.yml + CHEF_LICENSE: accept branches: only: @@ -21,6 +22,13 @@ skip_tags: true # faster cloning clone_depth: 1 +image: + - Visual Studio 2017 + - Visual Studio 2019 + +platform: + - Any CPU + # Install the latest nightly of ChefWorkstation install: - ps: (& cmd /c); iex (irm https://omnitruck.chef.io/install.ps1); Install-Project -Project chef-workstation -channel current From 7140ddbd98c2dee0d7a4a8e331c70484f5505d3e Mon Sep 17 00:00:00 2001 From: Derek Groh Date: Thu, 9 Sep 2021 23:23:01 -0500 Subject: [PATCH 67/73] winrm elevated --- kitchen.appveyor.yml | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/kitchen.appveyor.yml b/kitchen.appveyor.yml index 934720e5..13609eef 100644 --- a/kitchen.appveyor.yml +++ b/kitchen.appveyor.yml @@ -26,8 +26,14 @@ verifier: name: inspec transport: - connection_retry_sleep: 300 # Prevent Winrm from failing out when DC is created. - winrm_transport: plaintext # When set to plaintext the winrm will run in one converge + name: winrm + elevated: true + username: <%= ENV["machine_user"] %> + password: <%= ENV["machine_pass"] %> + connection_retries: 20 + connection_retry_sleep: 5 + # connection_retry_sleep: 300 # Prevent Winrm from failing out when DC is created. + # winrm_transport: plaintext # When set to plaintext the winrm will run in one converge platforms: - name: windows-2012r2 From a09833a73783f1925d0e30887e3a39364f62a910 Mon Sep 17 00:00:00 2001 From: Derek Groh Date: Thu, 9 Sep 2021 23:32:29 -0500 Subject: [PATCH 68/73] refining tests --- .appveyor.yml | 1 + kitchen.appveyor.yml | 11 +++-------- 2 files changed, 4 insertions(+), 8 deletions(-) diff --git a/.appveyor.yml b/.appveyor.yml index 7e909413..c191ff78 100644 --- a/.appveyor.yml +++ b/.appveyor.yml @@ -23,6 +23,7 @@ skip_tags: true clone_depth: 1 image: + - Visual Studio 2015 - Visual Studio 2017 - Visual Studio 2019 diff --git a/kitchen.appveyor.yml b/kitchen.appveyor.yml index 13609eef..f436429d 100644 --- a/kitchen.appveyor.yml +++ b/kitchen.appveyor.yml @@ -9,8 +9,7 @@ driver: provisioner: name: chef_zero - client_rb: - chef_license: accept + chef_license: accept retry_on_exit_code: - 0 - 1 # Exit, success: You still must reboot, this just notes that the automatic restart flag was removed @@ -28,12 +27,8 @@ verifier: transport: name: winrm elevated: true - username: <%= ENV["machine_user"] %> - password: <%= ENV["machine_pass"] %> - connection_retries: 20 - connection_retry_sleep: 5 - # connection_retry_sleep: 300 # Prevent Winrm from failing out when DC is created. - # winrm_transport: plaintext # When set to plaintext the winrm will run in one converge + connection_retry_sleep: 300 # Prevent Winrm from failing out when DC is created. + winrm_transport: plaintext # When set to plaintext the winrm will run in one converge platforms: - name: windows-2012r2 From fc571d5b8d5f350af65c6165a31785c4739638bc Mon Sep 17 00:00:00 2001 From: Derek Groh Date: Fri, 10 Sep 2021 06:42:18 -0500 Subject: [PATCH 69/73] add transport username,password --- kitchen.appveyor.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/kitchen.appveyor.yml b/kitchen.appveyor.yml index f436429d..e9b59249 100644 --- a/kitchen.appveyor.yml +++ b/kitchen.appveyor.yml @@ -27,6 +27,8 @@ verifier: transport: name: winrm elevated: true + username: <%= ENV["machine_user"] %> + password: <%= ENV["machine_pass"] %> connection_retry_sleep: 300 # Prevent Winrm from failing out when DC is created. winrm_transport: plaintext # When set to plaintext the winrm will run in one converge From b17e91f13a2478f96091b6aaece33a55dce9a797 Mon Sep 17 00:00:00 2001 From: Derek Groh Date: Fri, 10 Sep 2021 07:53:57 -0500 Subject: [PATCH 70/73] winrm elevated --- kitchen.appveyor.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/kitchen.appveyor.yml b/kitchen.appveyor.yml index e9b59249..b92c2bad 100644 --- a/kitchen.appveyor.yml +++ b/kitchen.appveyor.yml @@ -29,8 +29,10 @@ transport: elevated: true username: <%= ENV["machine_user"] %> password: <%= ENV["machine_pass"] %> - connection_retry_sleep: 300 # Prevent Winrm from failing out when DC is created. - winrm_transport: plaintext # When set to plaintext the winrm will run in one converge + connection_retries: 20 + connection_retry_sleep: 5 + # connection_retry_sleep: 300 # Prevent Winrm from failing out when DC is created. + # winrm_transport: plaintext # When set to plaintext the winrm will run in one converge platforms: - name: windows-2012r2 From cfb8581f45ad98a7692faaad761c12eba4f93a66 Mon Sep 17 00:00:00 2001 From: Derek Groh Date: Thu, 9 Sep 2021 23:23:01 -0500 Subject: [PATCH 71/73] restore full build_script command --- .appveyor.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.appveyor.yml b/.appveyor.yml index c191ff78..8cbbd881 100644 --- a/.appveyor.yml +++ b/.appveyor.yml @@ -25,7 +25,6 @@ clone_depth: 1 image: - Visual Studio 2015 - Visual Studio 2017 - - Visual Studio 2019 platform: - Any CPU @@ -45,7 +44,7 @@ install: - ps: $env:Path += ";c:\opscode\chef-workstation\bin\" build_script: - - ps: c:\opscode\chef-workstation\bin\chef.exe --version + - ps: c:\opscode\chef-workstation\bin\chef.exe shell-init powershell | iexe; cmd /c c:\opscode\chef-workstation\bin\chef.exe --version test_script: - c:\opscode\chef-workstation\bin\chef.exe exec delivery local all From a4809542b39438855df7c427fa9f00b1a2673c5a Mon Sep 17 00:00:00 2001 From: Derek Groh Date: Fri, 10 Sep 2021 20:09:39 -0500 Subject: [PATCH 72/73] add forest suite --- kitchen.appveyor.yml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/kitchen.appveyor.yml b/kitchen.appveyor.yml index b92c2bad..60b068fa 100644 --- a/kitchen.appveyor.yml +++ b/kitchen.appveyor.yml @@ -60,14 +60,14 @@ suites: - test/integration/default attributes: -# - name: forest -# run_list: -# - recipe[windows_ad_test::setup_forest] -# verifier: -# inspec_tests: -# - test/integration/forest -# attributes: -# + - name: forest + run_list: + - recipe[windows_ad_test::setup_forest] + verifier: + inspec_tests: + - test/integration/forest + attributes: + # - name: objects # run_list: # - recipe[windows_ad_test::setup_forest] From 70cd99323db15d405fe66d7c203e585c70a79ff6 Mon Sep 17 00:00:00 2001 From: Derek Groh Date: Fri, 10 Sep 2021 21:30:48 -0500 Subject: [PATCH 73/73] increase retry sleep to 300 --- kitchen.appveyor.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kitchen.appveyor.yml b/kitchen.appveyor.yml index 60b068fa..2df5d4d0 100644 --- a/kitchen.appveyor.yml +++ b/kitchen.appveyor.yml @@ -30,7 +30,7 @@ transport: username: <%= ENV["machine_user"] %> password: <%= ENV["machine_pass"] %> connection_retries: 20 - connection_retry_sleep: 5 + connection_retry_sleep: 300 # connection_retry_sleep: 300 # Prevent Winrm from failing out when DC is created. # winrm_transport: plaintext # When set to plaintext the winrm will run in one converge