chef/knife-ec2

Provisioning using knife ec2 create server (Windows 2012 r2)

Closed this issue · 5 comments

Hi All,

I hope that you can help, here we go; I am building a Windows 2012 r2 server on AWS using knife chef.

I am able to build a Linux instance and create a client node within chef using "knife ec2 server create", and when I build a Windows server I am able to create the instance, but it fails when it tries to connect to the chef servers and install the client software, with the following error:

/opt/chefdk/embedded/lib/ruby/gems/2.3.0/gems/excon-0.52.0/lib/excon/middlewares/expects.rb:7:in `response_call': RequestLimitExceeded => Request limit exceeded. (Fog::Compute::AWS::Error)

I have spent so much time trying to solve this problem but no joy, thank you for your help.

Regards,

Tony.

#----- Command used from Build workstation with developers kit ------#

knife ec2 server create -N KNIFE-Windows1 -I ami-c7635ea4 -f t2.medium --subnet subnet-6198ce04 \
  --ssh-key somename --identity-file /root/chef-repo/.chef/somename.pem \
  -c /root/chef-repo/.chef/knife.rb --security-group-ids sg-b91b17dd --associate-public-ip \
  --private-ip-address 10.8.0.11 --user-data bsps_1.txt -VV

#----- knife.rb config file -----#

[root@dev-chef-ws chef-repo]# cat .chef/knife.rb

# See https://docs.getchef.com/config_rb_knife.html for more information on knife configuration options

current_dir = File.dirname(__FILE__)
log_level :info
log_location STDOUT
node_name "chefadmin"
client_key "#{current_dir}/chefadmin.pem"
chef_server_url "https://dev-chef-master.osmotion.com.au/organizations/osmotion"
cache_type 'BasicFile'
syntax_check_cache_path "#{ENV['HOME']}/.chef/syntaxcache"
cookbook_path ["#{current_dir}/../cookbooks"]
knife[:aws_access_key_id] = "nnnnnnnnnnn"
knife[:aws_secret_access_key] = "nnnnnnnn"
knife[:region] = "ap-southeast-2"
knife[:identity_file] = "/root/chef-repo/.chef/dev_apac_osmo.pem"
[root@dev-chef-ws chef-repo]#

#----- User-Data -----#

[root@dev-chef-ws chef-repo]# cat bsps_1.txt

winrm quickconfig -q
winrm set winrm/config/winrs '@{MaxMemoryPerShellMB="300"}'
winrm set winrm/config '@{MaxTimeoutms="1800000"}'
winrm set winrm/config/service '@{AllowUnencrypted="true"}'
winrm set winrm/config/service/auth '@{Basic="true"}'
netsh advfirewall firewall add rule name="WinRM 5985" protocol=TCP dir=in localport=5985 action=allow
netsh advfirewall firewall add rule name="WinRM 5986" protocol=TCP dir=in localport=5986 action=allow
NetSh Advfirewall set allprofiles state off
net stop winrm
sc config winrm start=auto
net start winrm

#----- Where it starts to fail -----#

Waiting for Windows Admin password to be availableDEBUG: Looking for key region and found value ap-southeast-2

#----- The error -----#

DEBUG: Looking for key aws_session_token and found value
/opt/chefdk/embedded/lib/ruby/gems/2.3.0/gems/excon-0.52.0/lib/excon/middlewares/expects.rb:7:in `response_call': RequestLimitExceeded => Request limit exceeded. (Fog::Compute::AWS::Error)
from /opt/chefdk/embedded/lib/ruby/gems/2.3.0/gems/excon-0.52.0/lib/excon/middlewares/response_parser.rb:9:in `response_call'
from /opt/chefdk/embedded/lib/ruby/gems/2.3.0/gems/excon-0.52.0/lib/excon/connection.rb:388:in `response'
from /opt/chefdk/embedded/lib/ruby/gems/2.3.0/gems/excon-0.52.0/lib/excon/connection.rb:252:in `request'
from /opt/chefdk/embedded/lib/ruby/gems/2.3.0/gems/excon-0.52.0/lib/excon/middlewares/idempotent.rb:27:in `error_call'
from /opt/chefdk/embedded/lib/ruby/gems/2.3.0/gems/excon-0.52.0/lib/excon/middlewares/base.rb:11:in `error_call'
from /opt/chefdk/embedded/lib/ruby/gems/2.3.0/gems/excon-0.52.0/lib/excon/middlewares/base.rb:11:in `error_call'
from /opt/chefdk/embedded/lib/ruby/gems/2.3.0/gems/excon-0.52.0/lib/excon/connection.rb:272:in `rescue in request'
from /opt/chefdk/embedded/lib/ruby/gems/2.3.0/gems/excon-0.52.0/lib/excon/connection.rb:215:in `request'
from /opt/chefdk/embedded/lib/ruby/gems/2.3.0/gems/excon-0.52.0/lib/excon/middlewares/idempotent.rb:27:in `error_call'
from /opt/chefdk/embedded/lib/ruby/gems/2.3.0/gems/excon-0.52.0/lib/excon/middlewares/base.rb:11:in `error_call'
from /opt/chefdk/embedded/lib/ruby/gems/2.3.0/gems/excon-0.52.0/lib/excon/middlewares/base.rb:11:in `error_call'
from /opt/chefdk/embedded/lib/ruby/gems/2.3.0/gems/excon-0.52.0/lib/excon/connection.rb:272:in `rescue in request'
from /opt/chefdk/embedded/lib/ruby/gems/2.3.0/gems/excon-0.52.0/lib/excon/connection.rb:215:in `request'
from /opt/chefdk/embedded/lib/ruby/gems/2.3.0/gems/excon-0.52.0/lib/excon/middlewares/idempotent.rb:27:in `error_call'
from /opt/chefdk/embedded/lib/ruby/gems/2.3.0/gems/excon-0.52.0/lib/excon/middlewares/base.rb:11:in `error_call'
from /opt/chefdk/embedded/lib/ruby/gems/2.3.0/gems/excon-0.52.0/lib/excon/middlewares/base.rb:11:in `error_call'
from /opt/chefdk/embedded/lib/ruby/gems/2.3.0/gems/excon-0.52.0/lib/excon/connection.rb:272:in `rescue in request'
from /opt/chefdk/embedded/lib/ruby/gems/2.3.0/gems/excon-0.52.0/lib/excon/connection.rb:215:in `request'
from /opt/chefdk/embedded/lib/ruby/gems/2.3.0/gems/fog-xml-0.1.2/lib/fog/xml/sax_parser_connection.rb:35:in `request'
from /opt/chefdk/embedded/lib/ruby/gems/2.3.0/gems/fog-xml-0.1.2/lib/fog/xml/connection.rb:7:in `request'
from /opt/chefdk/embedded/lib/ruby/gems/2.3.0/gems/fog-aws-0.12.0/lib/fog/aws/compute.rb:527:in `_request'
from /opt/chefdk/embedded/lib/ruby/gems/2.3.0/gems/fog-aws-0.12.0/lib/fog/aws/compute.rb:522:in `request'
from /opt/chefdk/embedded/lib/ruby/gems/2.3.0/gems/fog-aws-0.12.0/lib/fog/aws/requests/compute/get_password_data.rb:24:in `get_password_data'
from /root/.chefdk/gem/ruby/2.3.0/gems/knife-ec2-0.14.0/lib/chef/knife/ec2_server_create.rb:1384:in `check_windows_password_available'
from /root/.chefdk/gem/ruby/2.3.0/gems/knife-ec2-0.14.0/lib/chef/knife/ec2_server_create.rb:1395:in `windows_password'
from /root/.chefdk/gem/ruby/2.3.0/gems/knife-ec2-0.14.0/lib/chef/knife/ec2_server_create.rb:758:in `bootstrap_for_windows_node'
from /root/.chefdk/gem/ruby/2.3.0/gems/knife-ec2-0.14.0/lib/chef/knife/ec2_server_create.rb:594:in `run'
from /opt/chefdk/embedded/lib/ruby/gems/2.3.0/gems/chef-12.14.89/lib/chef/knife.rb:430:in `block in run_with_pretty_exceptions'
from /opt/chefdk/embedded/lib/ruby/gems/2.3.0/gems/chef-12.14.89/lib/chef/local_mode.rb:44:in `with_server_connectivity'
from /opt/chefdk/embedded/lib/ruby/gems/2.3.0/gems/chef-12.14.89/lib/chef/knife.rb:429:in `run_with_pretty_exceptions'
from /opt/chefdk/embedded/lib/ruby/gems/2.3.0/gems/chef-12.14.89/lib/chef/knife.rb:219:in `run'
from /opt/chefdk/embedded/lib/ruby/gems/2.3.0/gems/chef-12.14.89/lib/chef/application/knife.rb:156:in `run'
from /opt/chefdk/embedded/lib/ruby/gems/2.3.0/gems/chef-12.14.89/bin/knife:25:in `<top (required)>'
from /opt/chefdk/bin/knife:57:in `load'
from /opt/chefdk/bin/knife:57:in `<main>'
[root@dev-chef-ws chef-repo]#

@rockape For creating a Windows server through knife ec2 you may use --ssh-key somekey --winrm-transport ssl --winrm-ssl-verify-mode verify_none -g <security-group-id>. Please make sure that your --security-group-ids has ports 5986, 5985, 3389 added.

Sample command would be like:
knife ec2 server create --node-name win2k12 -I ami-df8767bf -f t2.micro -x .\<username> -P "<password>" --ssh-key somekey --winrm-transport ssl --winrm-ssl-verify-mode verify_none --security-group-ids <security-groupId>

Hope it helps!

OR
Please use the below --user-data content:

$user="YOUR-USER-NAME"
$password="YOUR-PASSWORD"

net user /add $user $password;
net localgroup Administrators /add $user;

winrm quickconfig -q
winrm create winrm/config/Listener?Address=*+Transport=HTTP
winrm set winrm/config/winrs '@{MaxMemoryPerShellMB="300"}'
winrm set winrm/config '@{MaxTimeoutms="1800000"}'
winrm set winrm/config/service '@{AllowUnencrypted="true"}'
winrm set winrm/config/service/auth '@{Basic="true"}'
netsh advfirewall firewall add rule name="WinRM 5985" protocol=TCP dir=in localport=5985 action=allow
netsh advfirewall firewall add rule name="WinRM 5986" protocol=TCP dir=in localport=5986 action=allow
NetSh Advfirewall set allprofiles state off
net stop winrm
sc config winrm start=auto
net start winrm

With command:

knife ec2 server create -N <NODE-NAME> -I ami-bfeddca8 -f t2.micro --winrm-user '.\YOUR-USER-NAME' --winrm-password 'YOUR-PASSWORD' --ssh-key xxxx --identity-file 'D:\chef-starter\chef-repo\.chef\xxxx.pem' -g sg-a97d78d2 --user-data 'D:\user_data_dh.ps1'

Thanks dheerajd-msys,

With your help and some fine tuning I have got it working; below are the knife script and the user-data file.

Regards,

Tony.

knife ec2 server create --node-name KNIFE-Windows1 -f t2.micro -I ami-c7635ea4 --subnet subnet-111ce04 -x '\user' -P 'password' --ssh-key key --identity-file /root/chef-repo/.chef/key.pem -c /root/chef-repo/.chef/knife.rb --winrm-transport ssl --winrm-ssl-verify-mode verify_none --security-group-ids sg-2b222848 --associate-public-ip --private-ip-address 10.8.0.11 --user-data bsps_1.txt -VV

winrm quickconfig -q
winrm set winrm/config/client/auth '@{Basic="true"}'
winrm set winrm/config/service/auth '@{Basic="true"}'
winrm set winrm/config/service '@{AllowUnencrypted="true"}'

winrm set winrm/config/winrs '@{MaxMemoryPerShellMB="300"}'
winrm set winrm/config '@{MaxTimeoutms="1800000"}'

netsh advfirewall firewall add rule name="WinRM 5985" protocol=TCP dir=in localport=5985 action=allow
netsh advfirewall firewall add rule name="WinRM 5986" protocol=TCP dir=in localport=5986 action=allow
netsh advfirewall set allprofiles state off

net stop winrm
sc config winrm start=auto
net start winrm
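
The user-data above turns on Basic authentication and unencrypted WinRM traffic and switches the Windows firewall off. As an added example (not part of the thread or of knife-ec2), this Ruby check parses a user-data script and reports those settings by line number so they can be reviewed before an instance is launched; the finding names are this example's own.

```ruby
# Added example: flag WinRM and firewall settings in an EC2 user-data script
# that weaken transport security. Finding names are hypothetical labels.

# Matches: winrm set <path> '@{Key="value"}'
WINRM_SET = /\Awinrm\s+set\s+(\S+)\s+'?@\{(\w+)="([^"]*)"\}'?/i

# Returns [[line_number, finding, detail], ...] in script order.
def audit_user_data(text)
  findings = []
  text.each_line.with_index(1) do |raw, lineno|
    line = raw.strip
    if (m = WINRM_SET.match(line))
      path, key, value = m[1].downcase, m[2].downcase, m[3].downcase
      if key == "allowunencrypted" && value == "true"
        findings << [lineno, :winrm_unencrypted, path]
      elsif key == "basic" && value == "true"
        findings << [lineno, :winrm_basic_auth, path]
      end
    elsif line =~ /\Anetsh\s+advfirewall\s+set\s+allprofiles\s+state\s+off\b/i
      findings << [lineno, :firewall_disabled, "allprofiles"]
    elsif line =~ /\Anetsh\s+advfirewall\s+firewall\s+add\s+rule\b.*\blocalport=5985\b/i
      findings << [lineno, :winrm_http_port_open, "5985"]
    elsif line =~ /\Awinrm\s+create\b.*\bTransport=HTTP\b/i
      # \b after HTTP keeps an HTTPS listener from matching.
      findings << [lineno, :winrm_http_listener, "HTTP"]
    end
  end
  findings
end

# Constructed sample: the settings from the working user-data in this thread.
SAMPLE = <<~'PS'
  winrm quickconfig -q
  winrm set winrm/config/client/auth '@{Basic="true"}'
  winrm set winrm/config/service/auth '@{Basic="true"}'
  winrm set winrm/config/service '@{AllowUnencrypted="true"}'
  netsh advfirewall firewall add rule name="WinRM 5985" protocol=TCP dir=in localport=5985 action=allow
  netsh advfirewall firewall add rule name="WinRM 5986" protocol=TCP dir=in localport=5986 action=allow
  netsh advfirewall set allprofiles state off
PS

audit_user_data(SAMPLE).each { |f| puts f.inspect } if __FILE__ == $PROGRAM_NAME
```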

Thanks. Closing this issue now.

Just as an FYI - I've resolved this issue on my end by making the following changes to the KNIFE-EC2 Gem and recompiling it.

This is all in EC2_server_create.rb

  def check_windows_password_available(server_id)
    sleep 10 #TODO:// Exponential backout required to prevent connection.get_password_data being called constantly.
    #Added this at the start of the loop as it doesn't fire if the return false is hit
    response = connection.get_password_data(server_id)
    if not response.body["passwordData"]
      return false
    end
    response.body["passwordData"]
  end

This method was firing 5 times a second for me, and moving the sleep to the top of the function rather than at the end (which wasn't being hit when a return false; was hit first) has sorted this problem out.
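
The TODO in the patch above asks for exponential backoff. As an added example (not knife-ec2 code and not the commenter's), here is one way to poll for the Windows password so that every retry, including one caused by `RequestLimitExceeded`, waits longer than the last. `wait_for_password`, `backoff_delay` and `ThrottledError` are hypothetical names, and the block passed in stands in for `connection.get_password_data(server_id).body["passwordData"]`.

```ruby
# Added example, not knife-ec2 code. The block given to wait_for_password stands
# in for connection.get_password_data(server_id).body["passwordData"].
class ThrottledError < StandardError; end # stand-in for RequestLimitExceeded

# Delay before retry number `attempt` (0-based): base * 2^attempt, capped.
# With an rng, "full jitter" picks a random point below that ceiling.
def backoff_delay(attempt, base: 2.0, cap: 60.0, rng: nil)
  ceiling = [cap, base * (2**attempt)].min
  rng ? rng.rand * ceiling : ceiling
end

# Polls until the block returns non-empty data or `timeout` seconds of waiting
# would be exceeded. Every retry path sleeps first, including throttled calls.
def wait_for_password(timeout: 900, sleeper: ->(s) { sleep(s) }, rng: Random.new)
  waited = 0.0
  attempt = 0
  loop do
    begin
      data = yield
      return data unless data.nil? || data.empty?
    rescue ThrottledError
      # Throttled by the API: back off like any other "not ready" answer.
    end
    delay = backoff_delay(attempt, rng: rng)
    raise "password not available within #{timeout}s" if waited + delay > timeout
    sleeper.call(delay)
    waited += delay
    attempt += 1
  end
end

# Constructed responses: one throttle, two empty answers, then password data.
def demo_run
  responses = [:throttle, "", nil, "CONSTRUCTED_PASSWORD_DATA"]
  sleeps = []
  calls = 0
  result = wait_for_password(sleeper: ->(s) { sleeps << s }, rng: nil) do
    calls += 1
    answer = responses.shift
    raise ThrottledError, "Request limit exceeded." if answer == :throttle
    answer
  end
  { result: result, calls: calls, sleeps: sleeps }
end

puts demo_run.inspect if __FILE__ == $PROGRAM_NAME
```

Passing `rng: nil` makes the delays deterministic for the demo; the default `Random.new` spreads retries from parallel knife runs so they do not hit the API in step.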