Development repository for Chef Cookbook windows

Windows Cookbook

Provides a set of Windows-specific resources to aid in the creation of cookbooks/recipes targeting the Windows platform.

EOL Notice

This cookbook is no longer required for managing Windows nodes with Chef Infra. The necessary resources and helpers are now built into Chef Infra Client itself. These built-in resources are more feature rich and execute faster.

Requirements

Platforms

  • Windows 7 (EOL)
  • Windows Server 2008 R2 (EOL)
  • Windows 8, 8.1
  • Windows Server 2012 (R1, R2)
  • Windows Server 2016

Chef

  • Chef 14.7+

Resources

windows_certificate_binding

Binds a certificate to an HTTP port to enable TLS communication.

Actions

  • :create - creates or updates a binding.
  • :delete - deletes a binding.

Properties

  • cert_name - name attribute. The thumbprint (hash) or subject that identifies the certificate to be bound.
  • name_kind - indicates the type of cert_name. One of :subject (default) or :hash.
  • address - the address to bind against. Default is 0.0.0.0 (all IP addresses). One of:
    • IP v4 address 1.2.3.4
    • IP v6 address [::1]
    • Host name www.foo.com
  • port - the port to bind against. Default is 443.
  • app_id - the GUID that defines the application that owns the binding. Default is the values used by IIS.
  • store_name - the store to locate the certificate in. One of:
    • MY (Personal)
    • CA (Intermediate Certification Authorities)
    • ROOT (Trusted Root Certification Authorities)
    • TRUSTEDPUBLISHER (Trusted Publishers)
    • CLIENTAUTHISSUER (Client Authentication Issuers)
    • REMOTE DESKTOP (Remote Desktop)
    • TRUSTEDDEVICES (Trusted Devices)
    • WEBHOSTING (Web Hosting)
    • AUTHROOT (Third-Party Root Certification Authorities)
    • TRUSTEDPEOPLE (Trusted People)
    • SMARTCARDROOT (Smart Card Trusted Roots)
    • TRUST (Enterprise Trust)

Examples

# Bind the first certificate matching the subject to the default TLS port
windows_certificate_binding "me.acme.com" do
end

# Bind a cert from the CA store with the given hash to port 4334
windows_certificate_binding "me.acme.com" do
  cert_name  "d234567890a23f567c901e345bc8901d34567890"
  name_kind  :hash
  store_name "CA"
  port       4334
end

windows_dns

Note: This resource is now included in Chef 15 and later. If you are using newer versions of Windows, you should use the core resource instead of windows_dns.

Configures A and CNAME records in Windows DNS. This requires the DNSCMD to be installed, which is done by adding the DNS role to the server or installing the Remote Server Admin Tools.

Actions

  • :create: creates/updates the DNS entry
  • :delete: deletes the DNS entry

Properties

  • host_name: name attribute. FQDN of the entry to act on.
  • dns_server: the DNS server to update. Default is local machine (.)
  • record_type: the type of record to create. One of A (default) or CNAME
  • target: for A records an array of IP addresses to associate with the host; for CNAME records the FQDN of the host to alias
  • ttl: if > 0 then set the time to live of the record

Examples

# Create A record linked to 2 addresses with a 10 minute ttl
windows_dns "m1.chef.test" do
  target ['10.9.8.7', '1.2.3.4']
  ttl    600
end

# Delete records. target is mandatory although not used
windows_dns "m1.chef.test" do
  action :delete
  target []
end

# Set an alias against the node in a role
nodes = search(:node, "role:my_service")
windows_dns "myservice.chef.test" do
  record_type 'CNAME'
  target      nodes[0]['fqdn']
end

windows_http_acl

Sets the Access Control List for an HTTP URL to grant non-admin accounts permission to open HTTP endpoints.

Actions

  • :create - creates or updates the ACL for a URL.
  • :delete - deletes the ACL from a URL.

Properties

  • url - the name of the URL to be created/deleted.
  • sddl - the DACL string configuring all permissions to the URL. Mandatory for create if user is not provided. Can't be used with user.
  • user - the name (domain\user) of the user or group to be granted permission to the URL. Mandatory for create if sddl is not provided. Can't be used with sddl. Only one user or group can be granted permission, so this replaces any previously defined entry. If you receive a parameter error, your user may not exist.

Examples

windows_http_acl 'http://+:50051/' do
  user 'pc\\fred'
end

# Grant access to users "NT SERVICE\WinRM" and "NT SERVICE\Wecsvc" via sddl
windows_http_acl 'http://+:5985/' do
  sddl 'D:(A;;GX;;;S-1-5-80-569256582-2953403351-2909559716-1301513147-412116970)(A;;GX;;;S-1-5-80-4059739203-877974739-1245631912-527174227-2996563517)'
end

windows_http_acl 'http://+:50051/' do
  action :delete
end
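
The sddl property takes a raw DACL string, which is hard to review by eye. As an added example (not part of the cookbook; every helper name is hypothetical), this plain-Ruby parser lists who each ACE grants URL rights to and flags broad trustees such as Everyone. It assumes a DACL-only string like the one above and the HTTP.sys meaning of GX/GW/GA (register, delegate, both).

```ruby
# Added example: review helper for the sddl property of windows_http_acl.
# Not part of the windows cookbook; every name defined here is hypothetical.

# Generic rights as HTTP.sys interprets them on a URL reservation.
URL_RIGHTS = {
  'GX' => 'register (listen)',
  'GW' => 'delegate',
  'GA' => 'register and delegate'
}.freeze

# Trustees (SDDL alias or SID) that cover far more than one account.
BROAD_TRUSTEES = {
  'WD' => 'Everyone',            'S-1-1-0'      => 'Everyone',
  'AN' => 'Anonymous',           'S-1-5-7'      => 'Anonymous',
  'AU' => 'Authenticated Users', 'S-1-5-11'     => 'Authenticated Users',
  'BU' => 'Builtin Users',       'S-1-5-32-545' => 'Builtin Users'
}.freeze

UrlAce = Struct.new(:type, :rights, :trustee, :broad)

# Parse a DACL-only SDDL string into one UrlAce per ACE.
def parse_url_sddl(sddl)
  m = /\AD:([A-Z]*)((?:\([^()]*\))+)\z/.match(sddl.to_s)
  raise ArgumentError, "not a DACL-only SDDL string: #{sddl.inspect}" unless m

  m[2].scan(/\(([^()]*)\)/).flatten.map do |body|
    # ace_type;ace_flags;rights;object_guid;inherit_object_guid;trustee
    fields = body.split(';', -1)
    raise ArgumentError, "ACE must have 6 fields: (#{body})" unless fields.size == 6

    type, _flags, rights, _obj, _inherit, trustee = fields
    raise ArgumentError, "unsupported ACE type #{type.inspect}" unless %w[A D].include?(type)

    UrlAce.new(type == 'A' ? :allow : :deny,
               URL_RIGHTS.fetch(rights, rights), # unknown masks are kept verbatim
               trustee, BROAD_TRUSTEES[trustee])
  end
end

# S-1-5-80-* SIDs are per-service identities (NT SERVICE\<name>).
def service_sid?(trustee)
  trustee.start_with?('S-1-5-80-')
end

# Allow ACEs whose trustee is a broad group: the entries to question in review.
def broad_grants(sddl)
  parse_url_sddl(sddl).select { |ace| ace.type == :allow && ace.broad }
end

# The sddl value from the windows_http_acl example on this page.
PAGE_SDDL = 'D:(A;;GX;;;S-1-5-80-569256582-2953403351-2909559716-1301513147-412116970)' \
            '(A;;GX;;;S-1-5-80-4059739203-877974739-1245631912-527174227-2996563517)'
# Constructed sample, not from the page: grants listen rights to Everyone.
CONSTRUCTED_SDDL = 'D:(A;;GX;;;WD)'

if __FILE__ == $PROGRAM_NAME
  [PAGE_SDDL, CONSTRUCTED_SDDL].each do |sddl|
    parse_url_sddl(sddl).each do |ace|
      kind = service_sid?(ace.trustee) ? 'service SID' : 'single principal'
      note = ace.broad ? "BROAD: #{ace.broad}" : kind
      puts "#{ace.type} #{ace.rights} -> #{ace.trustee} [#{note}]"
    end
  end
end
```
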

windows_schannel

Configures the Schannel security settings in Windows. .NET apps and PowerShell use this setting to be able to speak to TLS 1.2 endpoints.

Actions

  • configure: Configures the setting

Properties

property             type           default    description
use_strong_crypto    True, False    true       Enables or disables the setting

windows_user_privilege

Adds the principal (User/Group) to the specified privileges (such as Logon as a batch job or Logon as a Service).

Actions

  • :add - add the specified privileges to the principal
  • :remove - remove the specified privilege of the principal

Properties

  • principal - Name attribute, Required, String. The user or group to be granted privileges.
  • privilege - Required, String/Array. The privilege(s) to be granted.

Examples

Grant the Administrator user the Logon as a batch job and Logon as a service privilege.

windows_user_privilege 'Administrator' do
  privilege %w(SeBatchLogonRight SeServiceLogonRight)
end

Remove Logon as a batch job privilege of Administrator.

windows_user_privilege 'Administrator' do
  privilege %w(SeBatchLogonRight)
  action :remove
end

Available Privileges

SeTrustedCredManAccessPrivilege      Access Credential Manager as a trusted caller
SeNetworkLogonRight                  Access this computer from the network
SeTcbPrivilege                       Act as part of the operating system
SeMachineAccountPrivilege            Add workstations to domain
SeIncreaseQuotaPrivilege             Adjust memory quotas for a process
SeInteractiveLogonRight              Allow log on locally
SeRemoteInteractiveLogonRight        Allow log on through Remote Desktop Services
SeBackupPrivilege                    Back up files and directories
SeChangeNotifyPrivilege              Bypass traverse checking
SeSystemtimePrivilege                Change the system time
SeTimeZonePrivilege                  Change the time zone
SeCreatePagefilePrivilege            Create a pagefile
SeCreateTokenPrivilege               Create a token object
SeCreateGlobalPrivilege              Create global objects
SeCreatePermanentPrivilege           Create permanent shared objects
SeCreateSymbolicLinkPrivilege        Create symbolic links
SeDebugPrivilege                     Debug programs
SeDenyNetworkLogonRight              Deny access this computer from the network
SeDenyBatchLogonRight                Deny log on as a batch job
SeDenyServiceLogonRight              Deny log on as a service
SeDenyInteractiveLogonRight          Deny log on locally
SeDenyRemoteInteractiveLogonRight    Deny log on through Remote Desktop Services
SeEnableDelegationPrivilege          Enable computer and user accounts to be trusted for delegation
SeRemoteShutdownPrivilege            Force shutdown from a remote system
SeAuditPrivilege                     Generate security audits
SeImpersonatePrivilege               Impersonate a client after authentication
SeIncreaseWorkingSetPrivilege        Increase a process working set
SeIncreaseBasePriorityPrivilege      Increase scheduling priority
SeLoadDriverPrivilege                Load and unload device drivers
SeLockMemoryPrivilege                Lock pages in memory
SeBatchLogonRight                    Log on as a batch job
SeServiceLogonRight                  Log on as a service
SeSecurityPrivilege                  Manage auditing and security log
SeRelabelPrivilege                   Modify an object label
SeSystemEnvironmentPrivilege         Modify firmware environment values
SeManageVolumePrivilege              Perform volume maintenance tasks
SeProfileSingleProcessPrivilege      Profile single process
SeSystemProfilePrivilege             Profile system performance
SeUnsolicitedInputPrivilege          Read unsolicited input from a terminal device
SeUndockPrivilege                    Remove computer from docking station
SeAssignPrimaryTokenPrivilege        Replace a process level token
SeRestorePrivilege                   Restore files and directories
SeShutdownPrivilege                  Shut down the system
SeSyncAgentPrivilege                 Synchronize directory service data
SeTakeOwnershipPrivilege             Take ownership of files or other objects

windows_zipfile

Note: This resource has been deprecated as Chef Infra Client 15.0 shipped with a new archive_file resource, which natively handles multiple archive formats. Please update any cookbooks using this resource to instead use the archive_file resource: https://docs.chef.io/resource_archive_file.html

Most versions of Windows do not ship with a native CLI utility for managing compressed files. This resource provides a pure-Ruby implementation for managing zip files. Be sure to use the not_if or only_if meta parameters to guard the resource for idempotence, or action will be taken on every Chef run.

Actions

  • :unzip - unzip a compressed file
  • :zip - zip a directory (recursively)

Properties

  • path - name attribute. The path where files will be (un)zipped to.
  • source - source of the zip file (either a URI or local path) for :unzip, or directory to be zipped for :zip.
  • overwrite - force an overwrite of the files if they already exist.
  • checksum - for :unzip, useful if source is remote: if the local file matches the SHA-256 checksum, Chef will not download it.

Examples

Unzip a remote zip file locally

windows_zipfile 'c:/bin' do
  source 'http://download.sysinternals.com/Files/SysinternalsSuite.zip'
  action :unzip
  not_if { ::File.exist?('c:/bin/PsExec.exe') }
end

Unzip a local zipfile

windows_zipfile 'c:/the_codez' do
  source 'c:/foo/baz/the_codez.zip'
  action :unzip
end

Create a local zipfile

windows_zipfile 'c:/foo/baz/the_codez.zip' do
  source 'c:/the_codez'
  action :zip
end

Libraries

WindowsHelper

Helper that provides convenience functions for use on Windows.

installed_packages

Returns a hash of all DisplayNames installed

# usage in a recipe
::Chef::DSL::Recipe.send(:include, Windows::Helper)
hash_of_installed_packages = installed_packages

is_package_installed?

  • package_name - The name of the package you want to query to see if it is installed
  • returns - true if the package is installed, false if the package is not installed

Download a file if a package isn't installed

# usage in a recipe to not download a file if package is already installed
::Chef::DSL::Recipe.send(:include, Windows::Helper)
is_win_sdk_installed = is_package_installed?('Windows Software Development Kit')

remote_file 'C:\windows\temp\windows_sdk.zip' do
  source 'http://url_to_download/windows_sdk.zip'
  action :create_if_missing
  not_if {is_win_sdk_installed}
end

Do something if a package is installed

# usage in a provider
include Windows::Helper
if is_package_installed?('Windows Software Development Kit')
  # do something if package is installed
end

Windows::VersionHelper

Helper that allows you to get information on the Windows version running on your node. It relies on the Windows Ohai data in kernel.os_info, so it is easy to mock and to use even on Linux.

core_version?

Determines whether the given node is running on a Windows Core.

if ::Windows::VersionHelper.core_version? node
  fail 'Windows Core is not supported'
end

workstation_version?

Determines whether the given node is a Windows workstation version (XP, Vista, 7, 8, 8.1, 10).

if ::Windows::VersionHelper.workstation_version? node
  fail 'Only server version of windows are supported'
end

server_version?

Determines whether the given node is a Windows server version (Server 2003, Server 2008, Server 2012, Server 2016).

if ::Windows::VersionHelper.server_version? node
  puts 'Server version of windows are cool'
end

nt_version

Determines the NT version of the given node.

case ::Windows::VersionHelper.nt_version node
  when '6.0' then 'Windows vista or Server 2008'
  when '6.1' then 'Windows 7 or Server 2008R2'
  when '6.2' then 'Windows 8 or Server 2012'
  when '6.3' then 'Windows 8.1 or Server 2012R2'
  when '10.0' then 'Windows 10'
end

Usage

Place an explicit dependency on this cookbook (using depends in the cookbook's metadata.rb) from any cookbook where you would like to use the Windows-specific resources/providers that ship with this cookbook.

depends 'windows'

License & Authors

Copyright 2011-2018, Chef Software, Inc.
Copyright 2010, VMware, Inc.
Copyright 2011, Business Intelligence Associates, Inc
Copyright 2012, Nordstrom, Inc.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
