Merge pull request #1 from nweddle/2016-kitchen

nweddle · web-flow · commit 27205e2131ae · 2017-04-12T20:58:50.000-07:00
Use dsc_resource with WS2016
diff --git a/.kitchen.ec2.yml b/.kitchen.ec2.yml
@@ -0,0 +1,54 @@
+---
+driver:
+  name: ec2
+  aws_ssh_key_id: <%= ENV["EC2_SSH_KEY_NAME"] %>
+  region: us-west-2
+  availability_zone: us-west-2c
+  security_group_ids: sg-401e0e25
+  iam_profile_name: testKitchenAndKnifeEc2
+  subnet_id: subnet-5b32ef02
+  instance_type: m3.large
+  associate_public_ip: true
+  user_data: 'windows_user_data'
+  tags:
+    Name: "fourthcoffee-localdev-kitchen-instance"
+    created-by: "test-kitchen"
+    user: <%= ENV['USER'] %>
+    X-Dept: Sales
+    X-Contact: <%= ENV['USER'] %>
+    X-Production: "false"
+
+provisioner:
+  name: chef_zero
+  require_chef_omnibus: 12.19.36
+
+verifier:
+  name: inspec
+
+platforms:
+  - name: windows-2016
+    driver_config:
+      image_id: ami-94e26af4
+    transport:
+      ssh_key: <%= ENV["EC2_SSH_KEY_PATH"] %> # change it; this is needed so kitchen can retrieve the Admin password
+
+suites:
+  - name: default
+    run_list:
+      # The test cookbook is located in test/fixtures.
+      # It is what puts secret keys, certs, etc. in place
+      - recipe[fourthcoffee::default]
+    # attributes:
+    #   demo:
+    #     domain_prefix: ''
+    #     domain: 'automate-demo.com'
+    #     enterprise: 'automate-demo'
+    #     org: 'automate'
+    #     hosts:
+    #     workstations: 1
+    #     workstation-number: 1
+    #     versions:
+    #       chefdk: 'stable-1.2.22'
+    verifier:
+      inspec_tests:
+        - test/integration/default/inspec/controls
diff --git a/Berksfile.lock b/Berksfile.lock
@@ -4,11 +4,11 @@ DEPENDENCIES
     metadata: true
 
 GRAPH
-  chef_handler (1.4.0)
-  fourthcoffee (0.1.1)
+  fourthcoffee (0.2.0)
     iis (>= 0.0.0)
     windows (>= 0.0.0)
-  iis (4.1.7)
-    windows (>= 1.34.6)
-  windows (1.41.0)
-    chef_handler (>= 0.0.0)
+  iis (6.0.1)
+    windows (>= 2.0)
+  ohai (5.0.3)
+  windows (3.0.5)
+    ohai (>= 4.0.0)
diff --git a/metadata.rb b/metadata.rb
@@ -4,7 +4,7 @@
 license          'Apache 2.0'
 description      'Installs and configures the Fourth Coffee demonstration website'
 long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
-version          '0.1.1'
+version          '0.2.0'
 
 source_url       ''
 issues_url       ''
diff --git a/recipes/_classic.rb b/recipes/_classic.rb
@@ -1,6 +1,6 @@
 #
 # Cookbook Name:: fourthcoffee
-# Recipe:: default
+# Recipe:: _classic
 #
 # Copyright 2014, Chef Software, Inc.
 #
@@ -22,7 +22,7 @@
 end
 
 # Pre-requisite features for IIS-ASPNET45 that need to be installed first, in this order.
-%w{IIS-ISAPIFilter IIS-ISAPIExtensions NetFx3ServerFeatures NetFx4Extended-ASPNET45 IIS-NetFxExtensibility45}.each do |f|
+%w(IIS-ISAPIFilter IIS-ISAPIExtensions NetFx3ServerFeatures NetFx4Extended-ASPNET45 IIS-NetFxExtensibility45).each do |f|
   windows_feature f do
     action :install
   end
@@ -31,3 +31,7 @@
 windows_feature 'IIS-ASPNET45' do
   action :install
 end
+
+windows_feature 'IIS-ManagementConsole' do
+  action :install
+end
diff --git a/recipes/_dsc.rb b/recipes/_dsc.rb
@@ -1,6 +1,6 @@
 #
 # Cookbook Name:: fourthcoffee
-# Recipe:: default
+# Recipe:: _dsc
 #
 # Copyright 2014, Chef Software, Inc.
 #
@@ -18,49 +18,57 @@
 #
 
 #
-# Use the WindowsFeature DSC resource to install Web-Server and Web-Asp-Net45
+# Use the 'dsc_resource' resource (requires WMF 5.0+)
 #
 
-dsc_script 'Web-Server' do
-  code <<-EOH
-  WindowsFeature InstallWebServer
-  {
-    Name = "Web-Server"
-    Ensure = "Present"
-  }
-  EOH
+dsc_resource 'webserver' do
+  resource :windowsfeature
+  property :name, 'Web-Server'
+  property :ensure, 'Present'
 end
 
-dsc_script 'Web-Asp-Net45' do
-  code <<-EOH
-  WindowsFeature InstallDotNet45
-  {
-    Name = "Web-Asp-Net45"
-    Ensure = "Present"
-  }
-  EOH
+dsc_resource 'dotnet45' do
+  resource :windowsfeature
+  property :name, 'Web-Asp-Net45'
+  property :ensure, 'Present'
 end
 
-dsc_script 'Web-Mgmt-Console' do
-  code <<-EOH
-  WindowsFeature InstallIISConsole
-  {
-    Name = "Web-Mgmt-Console"
-    Ensure = "Present"
-  }
-  EOH
+dsc_resource 'webmgmtconsole' do
+  resource :windowsfeature
+  property :name, 'Web-Mgmt-Console'
+  property :ensure, 'Present'
 end
 
-# You can also use dsc_resource (requires PS5)
+#
+# You can also use dsc_script (requires WMF 4.0+)
+#
 
-# dsc_resource 'webserver' do
-#   resource :windowsfeature
-#   property :name, 'Web-Server'
-#   property :ensure, 'Present'
+# dsc_script 'Web-Server' do
+#   code <<-EOH
+#   WindowsFeature InstallWebServer
+#   {
+#     Name = "Web-Server"
+#     Ensure = "Present"
+#   }
+#   EOH
 # end
-
-# dsc_resource 'dotnet45' do
-#   resource :windowsfeature
-#   property :name, 'Web-Asp-Net45'
-#   property :ensure, 'Present'
+#
+# dsc_script 'Web-Asp-Net45' do
+#   code <<-EOH
+#   WindowsFeature InstallDotNet45
+#   {
+#     Name = "Web-Asp-Net45"
+#     Ensure = "Present"
+#   }
+#   EOH
+# end
+#
+# dsc_script 'Web-Mgmt-Console' do
+#   code <<-EOH
+#   WindowsFeature InstallIISConsole
+#   {
+#     Name = "Web-Mgmt-Console"
+#     Ensure = "Present"
+#   }
+#   EOH
 # end
diff --git a/windows_user_data b/windows_user_data
@@ -0,0 +1,35 @@
+<powershell>
+# Script based on examples in Bojan Rajkovic's Code Rinse Repeat blog.
+# Details: http://coderinserepeat.com/2015/07/15/chef-knife-ec2-and-knife-windows/
+
+# Set our admin password
+# $admin = [adsi]("WinNT://./Administrator, user")
+# $admin.psbase.invoke("SetPassword", "Ch4ng3m3")
+# Turn on WinRM, make sure to relax its security a bit.
+# Please don't expose the WinRM port to the world on these machines.
+# I am not responsible for anything that happens if you do.
+winrm qc -q
+winrm set winrm/config '@{MaxTimeoutms="1800000"}'
+winrm set winrm/config/service '@{AllowUnencrypted="true"}'
+winrm set winrm/config/service/auth '@{Basic="true"}'
+# Make sure to trust all hosts
+Set-Item wsman:localhost\client\trustedhosts -value * -force
+# Turn off the Windows firewall. Its default WinRM rules only allow traffic from
+# hosts in your domain and from "private" networks. Its functionality is superseded
+# by security groups anyway.
+Get-NetFirewallProfile | Set-NetFirewallProfile -Enabled False
+# Stop the WinRM service, make sure it autostarts on reboot, and start it
+net stop winrm
+sc.exe config winrm start=auto
+net start winrm
+
+# Add the chef server's hostname to hosts file
+$chefserverip = "CHEF_SERVER_IP"
+$chefserverhostname = "chef.automate-demo.com"
+$automateserverip = "AUTOMATE_SERVER_IP"
+$automateserverhostname = "automate.automate-demo.com"
+$filename = "C:\Windows\System32\drivers\etc\hosts"
+$automateserverip + "`t`t" + $automateserverhostname | Out-File -encoding ASCII -append $filename
+$chefserverip + "`t`t" + $chefserverhostname | Out-File -encoding ASCII -append $filename
+
+</powershell>
