search

CenturyLinkCloud / chef-provisioning-vsphere

A chef-provisioning provisioner for VMware vSphere
MIT License
66 stars 57 forks source link

Kitchen VM creates and works until the IP change is attemped #29

Closed gleg closed 9 years ago

gleg commented 9 years ago

I've watched the process, the VM starts and works but has the template IP. It then reboots and attempts to change the IP and won't start with an error stating that it could not parse or process the unattend file. The machine is then just stuck on a loop where it reboots with an error stating that there was a problem with the installation. If I use regedit to change the following value HKLocal machine/SYSTEM/SETUP/STATUS/ChildCompletion/setup.exe to 3 it will boot with everything working fine including the IP.

The unattend.xml before IP change and after is the same except for the mac address. Can you actually set an IP in the kitchen.yml file? It works fine if you leave the IP alone but this leaves my testing limited to one VM at a time unless I have loads of templates.

My config:


---
driver_plugin: vsphere
driver_config:
  driver_options:
    host: 'vcentre.host.net'
    user: 'gwhiting'
    password: 'password'
    insecure: true
  machine_options:
    start_timeout: 600
    create_timeout: 600
    ready_timeout: 600
    bootstrap_options:
      use_linked_clone: true
      template_name: 'vsphere-test'
      template_folder: 'Ops Test Lab/Gregs Sandbox/'
      vm_folder: 'Ops Test Lab/Gregs Sandbox/'
      datacenter: 'GS-Datacenter'
      num_cpus: 2,
      network_name:
        - VLAN-36
      memory_mb: 4096
      resource_pool: pex-vmware07.host.net
      datastore: v7000-vmware-uat12
      ssh:
        user: Administrator
        paranoid: false
        password: 'adminpw'
        port: 22
      convergence_options:
      customization_spec:
        ipsettings:
          ip: '10.128.36.186'
          subnetMask: '255.255.255.0'
          gateway:
            - 10.128.36.1
          dnsServerList:
              - 172.16.36.121
              - 172.16.36.123
        domain: my_domain.local
        domainAdmin: administrator@my_domain.local
        domainAdminPassword: my_password
        org_name: my_org
        product_id: 11111-22222-33333-44444-55555
        win_time_zone: 4

provisioner:
  name: chef_zero

platforms:
  - name: WindowsServer2012R2x64v1_2
    transport: 
      name: winrm
    driver:
       guest: windows

suites:
  - name: default
    run_list:
      - recipe[bg-chocolatey::default]
mwrock commented 9 years ago

You can set an IP in the yml but like you say that's not ideal. Not sure what's going on but one thing that stands out in your config is the ssh port is 22 and should probably just be removed.

I'll admit this is confusing that even for winrm we use the ssh config options. If you leave them alone then the driver uses the safe defaults depending on the transport.

This would prevent the driver from reaching the vm and mess up the final stages of the provisioning and may be your issue here. Try removing that and report back.

gleg commented 9 years ago

Thanks for getting back to me Matt. Removed the ssh and it does seem to use the correct winrm port. But the issue is the same, something causes that unattend.xml error at the last hurdle. I'm wondering if it's the template that could be the problem, are there any requirements there?

I can actually remote to the desktop using the template IP right before kitchen tries to change it.

Probably not related but I've also noticed that in the unattend.xml the domain is set to the VM name minus one character - < Domain>kitchen-cacc3a9</ Domain> when the VM name is kitchen-cacc3a9f.

Here is the unattend actually just in case:

<?xml version='1.0' encoding='utf-8'?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
   <settings pass="generalize" wasPassProcessed="true">
      <component name="Microsoft-Windows-PnpSysprep" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
         <PersistAllDeviceInstalls>true</PersistAllDeviceInstalls>
      </component>
   </settings>
   <settings pass="oobeSystem">
      <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
         <OOBE>
            <SkipMachineOOBE>true</SkipMachineOOBE>
            <HideEULAPage>true</HideEULAPage>
            <SkipUserOOBE>true</SkipUserOOBE>
            <ProtectYourPC>1</ProtectYourPC>
         </OOBE>
         <TimeZone>Pacific Standard Time</TimeZone>
         <AutoLogon>
            <Enabled>true</Enabled>
            <Username>Administrator</Username>
            <LogonCount>1</LogonCount>
            <Password>
               <Value>9CF368BD23B2439CD725CBF6ADC512BC</Value>

               <PlainText>true</PlainText>
            </Password>
            <Domain>kitchen-a7d01da</Domain>
         </AutoLogon>
         <UserAccounts>
            <AdministratorPassword>
               <EncryptedValue>9CF368BD23B2439CD725CBF6ADC512BC</EncryptedValue>
               <PlainText>true</PlainText>
            </AdministratorPassword>
         </UserAccounts>
         <FirstLogonCommands>
            <SynchronousCommand wcm:action="add">
               <CommandLine>winrm set winrm/config/client/auth @{Basic="true"}</CommandLine>
               <Order>1</Order>
            </SynchronousCommand>
            <SynchronousCommand wcm:action="add">
               <CommandLine>winrm set winrm/config/service/auth @{Basic="true"}</CommandLine>
               <Order>2</Order>
            </SynchronousCommand>
            <SynchronousCommand wcm:action="add">
               <CommandLine>winrm set winrm/config/service @{AllowUnencrypted="true"}</CommandLine>
               <Order>3</Order>
            </SynchronousCommand>
            <SynchronousCommand wcm:action="add">
               <CommandLine>shutdown -l</CommandLine>
               <Order>4</Order>
            </SynchronousCommand>
         </FirstLogonCommands>
      </component>
   </settings>
   <settings pass="specialize">
      <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
         <RegisteredOwner>my_org</RegisteredOwner>
         <RegisteredOrganization>my_org</RegisteredOrganization>
         <ProductKey>11111-22222-33333-44444-55555</ProductKey>
         <ComputerName>kitchen-a7d01da</ComputerName>
      </component>
      <component name="Microsoft-Windows-UnattendedJoin" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
         <Identification>
            <JoinDomain>my_domain.local</JoinDomain>
            <Credentials>
               <Username>administrator@my_domain.local</Username>
               <EncryptedPassword>A7F44BACF1924F54DBA10027065E6F05</EncryptedPassword>
               <Domain>my_domain.local</Domain>
            </Credentials>
         </Identification>
      </component>
      <component name="Microsoft-Windows-DNS-Client" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
         <DNSSuffixSearchOrder>
            <DomainName wcm:action="add" wcm:keyValue="1">my_domain.local</DomainName>
         </DNSSuffixSearchOrder>
         <Interfaces>
            <Interface wcm:action="add">
               <DNSDomain>my_domain.local</DNSDomain>
               <Identifier>00-50-56-a7-b2-8a</Identifier>
               <DNSServerSearchOrder>
                  <IpAddress wcm:action="add" wcm:keyValue="1">172.16.36.121</IpAddress>
                  <IpAddress wcm:action="add" wcm:keyValue="2">172.16.36.123</IpAddress>
               </DNSServerSearchOrder>
            </Interface>
         </Interfaces>
      </component>
      <component name="Microsoft-Windows-TCPIP" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
         <Interfaces>
            <Interface wcm:action="add">
               <Ipv4Settings>
                  <DhcpEnabled>false</DhcpEnabled>
               </Ipv4Settings>
               <UnicastIpAddresses>
                  <IpAddress wcm:action="add" wcm:keyValue="1">10.128.36.186/24</IpAddress>
               </UnicastIpAddresses>
               <Ipv6Settings>
                  <DhcpEnabled>true</DhcpEnabled>
               </Ipv6Settings>
               <Identifier>00-50-56-a7-b2-8a</Identifier>
               <Routes>
                  <Route wcm:action="add">
                     <Identifier>1</Identifier>
                     <Prefix>0.0.0.0/0</Prefix>
                     <NextHopAddress>10.128.36.1</NextHopAddress>
                  </Route>
               </Routes>
            </Interface>
         </Interfaces>
      </component>
      <component name="Microsoft-Windows-NetBT" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
         <Interfaces>
            <Interface wcm:action="add">
               <Identifier>00-50-56-a7-b2-8a</Identifier>
               <NetbiosOptions>0</NetbiosOptions>
            </Interface>
         </Interfaces>
      </component>
      <component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
         <RunSynchronous>
            <RunSynchronousCommand wcm:action="add">
               <Path>C:\sysprep\guestcustutil.exe cleanBootExecute</Path>
               <Order>1</Order>
            </RunSynchronousCommand>
            <RunSynchronousCommand wcm:action="add">
               <Path>C:\sysprep\guestcustutil.exe flagComplete</Path>
               <Order>2</Order>
            </RunSynchronousCommand>
            <RunSynchronousCommand wcm:action="add">
               <Path>C:\sysprep\guestcustutil.exe deleteContainingFolder</Path>
               <Order>3</Order>
            </RunSynchronousCommand>
         </RunSynchronous>
      </component>
   </settings>
</unattend>
mwrock commented 9 years ago

Could possibly be the template. Did you remove ipsettings (except for maybe the dnsServerList) from your config? Thats needed for DHCP to work.

One thing I found when creating vmware templates is to make sure the template is set to use DHCP even if cloned VMs will be using static IPs. I seem to remember having trouble if the template was assigned to a static ip. That said, even if the template uses DHCP, its normal for the clone to initially come up using the same ip that the template last used. However it is also "normal" for that ip to change after the vmware tools start up and the customization process kicks in.

Also, just to be sure, the unattend.xml file we are talking about is the vmware generated one and not a custom unattend file you have created correct? If its one you have crafted and expect to use that would be a problem.

gleg commented 9 years ago

I'm not using DHCP at all here, it's all static so if I remove the IP part it just uses the template IP. Is it a requirement to use DHCP?

The unattend.xml is created during the kitchen test process and is not a custom made one. It looks very different from the original file on the template.

mwrock commented 9 years ago

No its not a requirement to use DHCP. I personally find it easier to use DHCP in kitchen scenarios and I thought you had commented trying to use it but static IPs should work too.

vmware generates the unattend files as part of its vm customization. So as long as you are not trying to manually intervene with your own unattend file, you should be good.

Do you mind including a gist of the kitchen output with debug logging on? That may help to get a better picture of what's going on.

gleg commented 9 years ago

Well this is the output https://gist.github.com/gleg/7389f98cbcd493f719c9

The VM does actually have the correct IP but if I open it in a console I see the following error http://imgur.com/23DDdHl

Which would explain why winrm fails to reach it.

mwrock commented 9 years ago

ah interesting. My guess is bad product key. I'd try manually cloning and see if you can successfully activate windows with the same key you are using.

gleg commented 9 years ago

Wow I think you might be right! I changed the key and it seems to be working. I'll test more after the weekend and share the results.

Thanks!

gleg commented 9 years ago

I've managed to test a few different cookbooks with this without any problems. I am wondering if there is a way to deal with encrypted data? I use chef vault and with vagrant you can just sync the VM to a key on your own host. Is there a way to use chef-vault with this driver?

mwrock commented 9 years ago

Glad to hear converging is working now. Unfortunately there is no vault integration with kitchen.yml. You might try putting the key in an environment variable and then embedding ruby in the yaml to extract it. Not ideal but does that make sense?

gleg commented 9 years ago

Closing this as the vault thing is a separate issue. Thanks for your help Matt