Development repository for Chef Cookbook windows

chef-boneyard/windows

Provides a set of Windows-specific resources to aid in the creation of cookbooks/recipes targeting the Windows platform.

EOL Notice

This cookbook is no longer required for managing Windows nodes with Chef Infra. The necessary resources and helpers are now built into Chef Infra Client itself. These built-in resources are more feature rich and execute faster.

Requirements

Platforms

  • Windows 7 (EOL)
  • Windows Server 2008 R2 (EOL)
  • Windows 8, 8.1
  • Windows Server 2012 (R1, R2)
  • Windows Server 2016

Chef

  • Chef 14.7+

Resources

windows_certificate_binding

Binds a certificate to an HTTP port to enable TLS communication.

Actions

  • :create - creates or updates a binding.
  • :delete - deletes a binding.

Properties

  • cert_name - name attribute. The thumbprint (hash) or subject that identifies the certificate to be bound.
  • name_kind - indicates the type of cert_name. One of :subject (default) or :hash.
  • address - the address to bind against. Default is 0.0.0.0 (all IP addresses). One of:
    • IP v4 address 1.2.3.4
    • IP v6 address [::1]
    • Host name www.foo.com
  • port - the port to bind against. Default is 443.
  • app_id - the GUID that defines the application that owns the binding. Default is the values used by IIS.
  • store_name - the store to locate the certificate in. One of:
    • MY (Personal)
    • CA (Intermediate Certification Authorities)
    • ROOT (Trusted Root Certification Authorities)
    • TRUSTEDPUBLISHER (Trusted Publishers)
    • CLIENTAUTHISSUER (Client Authentication Issuers)
    • REMOTE DESKTOP (Remote Desktop)
    • TRUSTEDDEVICES (Trusted Devices)
    • WEBHOSTING (Web Hosting)
    • AUTHROOT (Third-Party Root Certification Authorities)
    • TRUSTEDPEOPLE (Trusted People)
    • SMARTCARDROOT (Smart Card Trusted Roots)
    • TRUST (Enterprise Trust)

Examples

# Bind the first certificate matching the subject to the default TLS port
windows_certificate_binding "me.acme.com" do
end

# Bind a cert from the CA store with the given hash to port 4334
windows_certificate_binding "me.acme.com" do
  cert_name "d234567890a23f567c901e345bc8901d34567890"
  name_kind :hash
  store_name "CA"
  port 4334
end

windows_dns

Note: This resource is now included in Chef 15 and later. If you are using newer versions of windows then you should use the core resource instead of windows_dns.

Configures A and CNAME records in Windows DNS. This requires the DNSCMD to be installed, which is done by adding the DNS role to the server or installing the Remote Server Admin Tools.

Actions

  • :create: creates/updates the DNS entry
  • :delete: deletes the DNS entry

Properties

  • host_name: name attribute. FQDN of the entry to act on.
  • dns_server: the DNS server to update. Default is local machine (.)
  • record_type: the type of record to create. One of A (default) or CNAME
  • target: for A records an array of IP addresses to associate with the host; for CNAME records the FQDN of the host to alias
  • ttl: if > 0 then set the time to live of the record

Examples

# Create A record linked to 2 addresses with a 10 minute ttl
windows_dns "m1.chef.test" do
  target ['10.9.8.7', '1.2.3.4']
  ttl 600
end

# Delete records. target is mandatory although not used
windows_dns "m1.chef.test" do
  action :delete
  target []
end

# Set an alias against the node in a role
nodes = search(:node, "role:my_service")
windows_dns "myservice.chef.test" do
  record_type 'CNAME'
  target nodes[0]['fqdn']
end

windows_http_acl

Sets the Access Control List for an http URL to grant non-admin accounts permission to open HTTP endpoints.

Actions

  • :create - creates or updates the ACL for a URL.
  • :delete - deletes the ACL from a URL.

Properties

  • url - the name of the url to be created/deleted.
  • sddl - the DACL string configuring all permissions to URL. Mandatory for create if user is not provided. Can't be used with user.
  • user - the name (domain\user) of the user or group to be granted permission to the URL. Mandatory for create if sddl is not provided. Can't be used with sddl. Only one user or group can be granted permission so this replaces any previously defined entry. If you receive a parameter error your user may not exist.

Examples

windows_http_acl 'http://+:50051/' do
  user 'pc\\fred'
end

# Grant access to users "NT SERVICE\WinRM" and "NT SERVICE\Wecsvc" via sddl
windows_http_acl 'http://+:5985/' do
  sddl 'D:(A;;GX;;;S-1-5-80-569256582-2953403351-2909559716-1301513147-412116970)(A;;GX;;;S-1-5-80-4059739203-877974739-1245631912-527174227-2996563517)'
end

windows_http_acl 'http://+:50051/' do
  action :delete
end
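
A raw DACL string passed to the sddl property is hard to review by eye. The following plain Ruby is an added example, not part of the cookbook: it splits such a string into ACEs and reports allow entries for broad trustees. The function and constant names are hypothetical, the second sample string is constructed, and GX/GW are read as the listen/delegate rights that HTTP.sys uses for URL reservations.

```ruby
# Added example: review the DACL string given to windows_http_acl's sddl property.
# All names below are illustrative; none are part of the windows cookbook.

# Generic rights as HTTP.sys reads them on a URL reservation.
URLACL_RIGHTS = { 'GX' => :listen, 'GW' => :delegate, 'GA' => :all }.freeze
ACE_TYPES = { 'A' => :allow, 'D' => :deny }.freeze
# SDDL aliases and SIDs that match nearly every account on the machine.
BROAD_TRUSTEES = {
  'WD' => 'Everyone', 'S-1-1-0' => 'Everyone',
  'AU' => 'Authenticated Users', 'S-1-5-11' => 'Authenticated Users',
  'BU' => 'Users', 'S-1-5-32-545' => 'Users',
  'AN' => 'Anonymous', 'S-1-5-7' => 'Anonymous'
}.freeze

# SDDL taken from the README's windows_http_acl example (two NT SERVICE accounts).
PAGE_SDDL = 'D:(A;;GX;;;S-1-5-80-569256582-2953403351-2909559716-1301513147-412116970)' \
            '(A;;GX;;;S-1-5-80-4059739203-877974739-1245631912-527174227-2996563517)'
# Constructed sample: Everyone may listen and delegate, Administrators may listen.
CONSTRUCTED_SDDL = 'D:(A;;GXGW;;;WD)(A;;GX;;;S-1-5-32-544)'

# Split a DACL-only SDDL string into ACE hashes; raise on anything unexpected.
def parse_url_acl_sddl(sddl)
  m = /\AD:[A-Z]*((?:\([^()]*\))+)\z/.match(sddl)
  raise ArgumentError, "not a DACL-only SDDL string: #{sddl.inspect}" unless m

  m[1].scan(/\(([^()]*)\)/).flatten.map do |ace|
    type, _flags, rights, _object, _inherited, trustee, extra = ace.split(';', -1)
    ok = ACE_TYPES.key?(type) && rights.to_s.match?(/\A(?:[A-Z]{2})+\z/) &&
         !trustee.to_s.empty? && extra.nil?
    raise ArgumentError, "unsupported ACE: (#{ace})" unless ok

    { type: ACE_TYPES[type],
      rights: rights.scan(/[A-Z]{2}/).map { |r| URLACL_RIGHTS.fetch(r, r) },
      trustee: trustee }
  end
end

# Describe every allow ACE whose trustee is a broad group.
def broad_grants(sddl)
  parse_url_acl_sddl(sddl)
    .select { |ace| ace[:type] == :allow && BROAD_TRUSTEES.key?(ace[:trustee]) }
    .map { |ace| "#{BROAD_TRUSTEES[ace[:trustee]]} may #{ace[:rights].join('+')}" }
end

puts broad_grants(PAGE_SDDL).inspect
puts broad_grants(CONSTRUCTED_SDDL).inspect
```

Running the check over every sddl value in a cookbook before it is converged catches a URL reservation that would let any local account listen on the port.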

windows_schannel

Configures the Schannel security settings in Windows. .NET apps and PowerShell use this setting to be able to speak to TLS 1.2 endpoints.

Actions

  • configure: Configures the setting

Properties

property           type         default  description
use_strong_crypto  True, False  true     Enables or disables the setting

windows_user_privilege

Adds the principal (User/Group) to the specified privileges (such as Logon as a batch job or Logon as a Service).

Actions

  • :add - add the specified privileges to the principal
  • :remove - remove the specified privilege of the principal

Properties

  • principal - Name attribute, Required, String. The user or group to be granted privileges.
  • privilege - Required, String/Array. The privilege(s) to be granted.

Examples

Grant the Administrator user the Logon as a batch job and Logon as a service privileges.

windows_user_privilege 'Administrator' do
  privilege %w(SeBatchLogonRight SeServiceLogonRight)
end

Remove the Logon as a batch job privilege of Administrator.

windows_user_privilege 'Administrator' do
  privilege %w(SeBatchLogonRight)
  action :remove
end

Available Privileges

SeTrustedCredManAccessPrivilege      Access Credential Manager as a trusted caller
SeNetworkLogonRight                  Access this computer from the network
SeTcbPrivilege                       Act as part of the operating system
SeMachineAccountPrivilege            Add workstations to domain
SeIncreaseQuotaPrivilege             Adjust memory quotas for a process
SeInteractiveLogonRight              Allow log on locally
SeRemoteInteractiveLogonRight        Allow log on through Remote Desktop Services
SeBackupPrivilege                    Back up files and directories
SeChangeNotifyPrivilege              Bypass traverse checking
SeSystemtimePrivilege                Change the system time
SeTimeZonePrivilege                  Change the time zone
SeCreatePagefilePrivilege            Create a pagefile
SeCreateTokenPrivilege               Create a token object
SeCreateGlobalPrivilege              Create global objects
SeCreatePermanentPrivilege           Create permanent shared objects
SeCreateSymbolicLinkPrivilege        Create symbolic links
SeDebugPrivilege                     Debug programs
SeDenyNetworkLogonRight              Deny access this computer from the network
SeDenyBatchLogonRight                Deny log on as a batch job
SeDenyServiceLogonRight              Deny log on as a service
SeDenyInteractiveLogonRight          Deny log on locally
SeDenyRemoteInteractiveLogonRight    Deny log on through Remote Desktop Services
SeEnableDelegationPrivilege          Enable computer and user accounts to be trusted for delegation
SeRemoteShutdownPrivilege            Force shutdown from a remote system
SeAuditPrivilege                     Generate security audits
SeImpersonatePrivilege               Impersonate a client after authentication
SeIncreaseWorkingSetPrivilege        Increase a process working set
SeIncreaseBasePriorityPrivilege      Increase scheduling priority
SeLoadDriverPrivilege                Load and unload device drivers
SeLockMemoryPrivilege                Lock pages in memory
SeBatchLogonRight                    Log on as a batch job
SeServiceLogonRight                  Log on as a service
SeSecurityPrivilege                  Manage auditing and security log
SeRelabelPrivilege                   Modify an object label
SeSystemEnvironmentPrivilege         Modify firmware environment values
SeManageVolumePrivilege              Perform volume maintenance tasks
SeProfileSingleProcessPrivilege      Profile single process
SeSystemProfilePrivilege             Profile system performance
SeUnsolicitedInputPrivilege          "Read unsolicited input from a terminal device"
SeUndockPrivilege                    Remove computer from docking station
SeAssignPrimaryTokenPrivilege        Replace a process level token
SeRestorePrivilege                   Restore files and directories
SeShutdownPrivilege                  Shut down the system
SeSyncAgentPrivilege                 Synchronize directory service data
SeTakeOwnershipPrivilege             Take ownership of files or other objects

windows_zipfile

Note: This resource has been deprecated as Chef Infra Client 15.0 shipped with a new archive_file resource, which natively handles multiple archive formats. Please update any cookbooks using this resource to instead use the archive_file resource: https://docs.chef.io/resource_archive_file.html

Most versions of Windows do not ship with a native CLI utility for managing compressed files. This resource provides a pure-Ruby implementation for managing zip files. Be sure to use the not_if or only_if meta parameters to guard the resource for idempotence, or action will be taken on every Chef run.

Actions

  • :unzip - unzip a compressed file
  • :zip - zip a directory (recursively)

Properties

  • path - name attribute. The path where files will be (un)zipped to.
  • source - source of the zip file (either a URI or local path) for :unzip, or directory to be zipped for :zip.
  • overwrite - force an overwrite of the files if they already exist.
  • checksum - for :unzip, useful if source is remote: if the local file matches the SHA-256 checksum, Chef will not download it.

Examples

Unzip a remote zip file locally

windows_zipfile 'c:/bin' do
  source 'http://download.sysinternals.com/Files/SysinternalsSuite.zip'
  action :unzip
  # File.exist? replaces the deprecated File.exists?
  not_if { ::File.exist?('c:/bin/PsExec.exe') }
end

Unzip a local zipfile

windows_zipfile 'c:/the_codez' do
  source 'c:/foo/baz/the_codez.zip'
  action :unzip
end

Create a local zipfile

windows_zipfile 'c:/foo/baz/the_codez.zip' do
  source 'c:/the_codez'
  action :zip
end

Libraries

WindowsHelper

Helper module that provides utility functions for working with Windows.

installed_packages

Returns a hash of all DisplayNames installed

# usage in a recipe
::Chef::DSL::Recipe.send(:include, Windows::Helper)
hash_of_installed_packages = installed_packages

is_package_installed?

  • package_name - The name of the package you want to query to see if it is installed
  • returns - true if the package is installed, false if the package is not installed

Download a file if a package isn't installed

# usage in a recipe to not download a file if package is already installed
::Chef::DSL::Recipe.send(:include, Windows::Helper)
is_win_sdk_installed = is_package_installed?('Windows Software Development Kit')

remote_file 'C:\windows\temp\windows_sdk.zip' do
  source 'http://url_to_download/windows_sdk.zip'
  action :create_if_missing
  not_if { is_win_sdk_installed }
end

Do something if a package is installed

# usage in a provider
include Windows::Helper
if is_package_installed?('Windows Software Development Kit')
  # do something if package is installed
end

Windows::VersionHelper

Helper that allows you to get information on the Windows version running on your node. It reads the Windows Ohai data from kernel.os_info, which makes it easy to mock and to use even on Linux.

core_version?

Determines whether the given node is running on a Windows Core.

if ::Windows::VersionHelper.core_version? node
  fail 'Windows Core is not supported'
end

workstation_version?

Determines whether the given node is a Windows workstation version (XP, Vista, 7, 8, 8.1, 10)

if ::Windows::VersionHelper.workstation_version? node
  fail 'Only server version of windows are supported'
end

server_version?

Determines whether the given node is a Windows server version (Server 2003, Server 2008, Server 2012, Server 2016)

if ::Windows::VersionHelper.server_version? node
  puts 'Server version of windows are cool'
end

nt_version

Determines NT version of the given node

case ::Windows::VersionHelper.nt_version node
when '6.0' then 'Windows vista or Server 2008'
when '6.1' then 'Windows 7 or Server 2008R2'
when '6.2' then 'Windows 8 or Server 2012'
when '6.3' then 'Windows 8.1 or Server 2012R2'
when '10.0' then 'Windows 10'
end

Usage

Place an explicit dependency on this cookbook (using depends in the cookbook's metadata.rb) from any cookbook where you would like to use the Windows-specific resources/providers that ship with this cookbook.

depends 'windows'

License & Authors

Copyright 2011-2018, Chef Software, Inc.
Copyright 2010, VMware, Inc.
Copyright 2011, Business Intelligence Associates, Inc
Copyright 2012, Nordstrom, Inc.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
