search

chef / bento

Packer templates for building minimal Vagrant baseboxes for multiple platforms
Apache License 2.0
4.24k stars 1.12k forks source link

Windows Server 2016 and 2019 fail on disable windows defender step. #1380

Closed mrswadge closed 1 year ago

mrswadge commented 3 years ago

Version:

Latest up to commit https://github.com/chef/bento/commit/e5ea77b3ce8b63f461f9f39cbcd03fd8ed4f6334

Environment:

Git-Bash on Windows 10.

Scenario:

Vagrant box image for usage within Virtual Box.

Steps to Reproduce:

packer build -only=virtualbox-iso windows-2016.json
packer build -only=virtualbox-iso windows-2019.json

Expected Result:

Windows defender to be disabled.

Actual Result:

    virtualbox-iso: Recipe: packer::remove_defender
    virtualbox-iso:   * windows_defender[disable windows defender] action disable
    virtualbox-iso:     * windows_service[Windows Defender] action disable
    virtualbox-iso:
    virtualbox-iso:       ================================================================================
    virtualbox-iso:       Error executing action `disable` on resource 'windows_service[Windows Defender]'
    virtualbox-iso:       ================================================================================
    virtualbox-iso:
    virtualbox-iso:       Errno::EIO
    virtualbox-iso:       ----------
    virtualbox-iso:       Input/output error - OpenService: Access is denied.
    virtualbox-iso:
    virtualbox-iso:       Resource Declaration:
    virtualbox-iso:       ---------------------
    virtualbox-iso:       # In c:/opscode/chef/embedded/lib/ruby/gems/3.0.0/gems/chef-17.7.29-universal-mingw32/lib/chef/resource/windows_defender.rb
    virtualbox-iso:
    virtualbox-iso:       126:         windows_service "Windows Defender" do
    virtualbox-iso:       127:           service_name "WinDefend"
    virtualbox-iso:       128:           action %i{disable stop}
    virtualbox-iso:       129:         end
    virtualbox-iso:       130:       end
    virtualbox-iso:
    virtualbox-iso:       Compiled Resource:
    virtualbox-iso:       ------------------
    virtualbox-iso:       # Declared in c:/opscode/chef/embedded/lib/ruby/gems/3.0.0/gems/chef-17.7.29-universal-mingw32/lib/chef/resource/windows_defender.rb:126:in `block in <class:WindowsDefender>'
    virtualbox-iso:
    virtualbox-iso:       windows_service("Windows Defender") do
    virtualbox-iso:         action [:disable, :stop]
    virtualbox-iso:         default_guard_interpreter :default
    virtualbox-iso:         declared_type :windows_service
    virtualbox-iso:         cookbook_name "packer"
    virtualbox-iso:         service_name "WinDefend"
    virtualbox-iso:         run_as_user "localsystem"
    virtualbox-iso:         supports {:restart=>nil, :reload=>nil, :status=>nil}
    virtualbox-iso:         run_as_password ""
    virtualbox-iso:       end
    virtualbox-iso:
    virtualbox-iso:       System Info:
    virtualbox-iso:       ------------
    virtualbox-iso:       chef_version=17.7.29
    virtualbox-iso:       platform=windows
    virtualbox-iso:       platform_version=10.0.17763
    virtualbox-iso:       ruby=ruby 3.0.2p107 (2021-07-07 revision 0db68f0233) [x64-mingw32]
    virtualbox-iso:       program_name=c:/opscode/chef/bin/chef-solo
    virtualbox-iso:       executable=c:/opscode/chef/bin/chef-solo
    virtualbox-iso:
    virtualbox-iso:
    virtualbox-iso:     ================================================================================
    virtualbox-iso:     Error executing action `disable` on resource 'windows_defender[disable windows defender]'
    virtualbox-iso:     ================================================================================
    virtualbox-iso:
    virtualbox-iso:     Errno::EIO
    virtualbox-iso:     ----------
    virtualbox-iso:     windows_service[Windows Defender] (c:/opscode/chef/embedded/lib/ruby/gems/3.0.0/gems/chef-17.7.29-universal-mingw32/lib/chef/resource/windows_defender.rb line 126) had an error: Errno::EIO: Input/output error - OpenService: Access is denied.
    virtualbox-iso:
    virtualbox-iso:     Resource Declaration:
    virtualbox-iso:     ---------------------
    virtualbox-iso:     # In c:/windows/temp/packer-chef-solo/local-mode-cache/cache/cookbooks/packer/recipes/remove_defender.rb
    virtualbox-iso:
    virtualbox-iso:       1: windows_defender 'disable windows defender' do
    virtualbox-iso:       2:   action :disable
    virtualbox-iso:       3: end
    virtualbox-iso:
    virtualbox-iso:     Compiled Resource:
    virtualbox-iso:     ------------------
    virtualbox-iso:     # Declared in c:/windows/temp/packer-chef-solo/local-mode-cache/cache/cookbooks/packer/recipes/remove_defender.rb:1:in `from_file'
    virtualbox-iso:
    virtualbox-iso:     windows_defender("disable windows defender") do
    virtualbox-iso:       action [:disable]
    virtualbox-iso:       default_guard_interpreter :default
    virtualbox-iso:       declared_type :windows_defender
    virtualbox-iso:       cookbook_name "packer"
    virtualbox-iso:       recipe_name "remove_defender"
    virtualbox-iso:     end
    virtualbox-iso:
    virtualbox-iso:     System Info:
    virtualbox-iso:     ------------
    virtualbox-iso:     chef_version=17.7.29
    virtualbox-iso:     platform=windows
    virtualbox-iso:     platform_version=10.0.17763
    virtualbox-iso:     ruby=ruby 3.0.2p107 (2021-07-07 revision 0db68f0233) [x64-mingw32]
    virtualbox-iso:     program_name=c:/opscode/chef/bin/chef-solo
    virtualbox-iso:     executable=c:/opscode/chef/bin/chef-solo
    virtualbox-iso:
    virtualbox-iso:
    virtualbox-iso: Running handlers:
    virtualbox-iso: [2021-11-02T09:16:04+00:00] ERROR: Running exception handlers
    virtualbox-iso: Running handlers complete
    virtualbox-iso: [2021-11-02T09:16:04+00:00] ERROR: Exception handlers complete
    virtualbox-iso: Infra Phase failed. 7 resources updated in 16 seconds
    virtualbox-iso: [2021-11-02T09:16:04+00:00] FATAL: Stacktrace dumped to c:/windows/temp/packer-chef-solo/local-mode-cache/cache/chef-stacktrace.out
    virtualbox-iso: [2021-11-02T09:16:04+00:00] FATAL: ---------------------------------------------------------------------------------------
    virtualbox-iso: [2021-11-02T09:16:04+00:00] FATAL: PLEASE PROVIDE THE CONTENTS OF THE stacktrace.out FILE (above) IF YOU FILE A BUG REPORT
    virtualbox-iso: [2021-11-02T09:16:04+00:00] FATAL: ---------------------------------------------------------------------------------------
    virtualbox-iso: [2021-11-02T09:16:04+00:00] FATAL: Errno::EIO: windows_defender[disable windows defender] (packer::remove_defender line 1) had an error: Errno::EIO: windows_service[Windows Defender] (c:/opscode/chef/embedded/lib/ruby/gems/3.0.0/gems/chef-17.7.29-universal-mingw32/lib/chef/resource/windows_defender.rb line 126) had an error: Errno::EIO: Input/output error - OpenService: Access is denied.
==> virtualbox-iso: Provisioning step had errors: Running the cleanup provisioner, if present...
==> virtualbox-iso: Cleaning up floppy disk...
==> virtualbox-iso: Deregistering and deleting VM...
==> virtualbox-iso: Deleting output directory...
Build 'virtualbox-iso' errored after 25 minutes 15 seconds: Error executing Chef: Non-zero exit status: 1

==> Wait completed after 25 minutes 15 seconds

==> Some builds didn't complete successfully and had errors:
--> virtualbox-iso: Error executing Chef: Non-zero exit status: 1

==> Builds finished but no artifacts were created.
tas50 commented 3 years ago

Thanks for submitting this @mrswadge. I ran into this the other day and didn't get a chance to submit it. Any chance you can submit that stacktrace?

mrswadge commented 3 years ago

Hi Tim,

Thanks for coming back so soon. Below you can find the chef-stacktrace.out as found under c:/windows/temp/packer-chef-solo/local-mode-cache/cache/chef-stacktrace.out

Generated at 2021-11-02 21:05:29 +0000
Errno::EIO: windows_defender[disable windows defender] (packer::remove_defender line 1) had an error: Errno::EIO: windows_service[Windows Defender] (c:/opscode/chef/embedded/lib/ruby/gems/3.0.0/gems/chef-17.7.29-universal-mingw32/lib/chef/resource/windows_defender.rb line 126) had an error: Errno::EIO: Input/output error - OpenService: Access is denied.
c:/opscode/chef/embedded/lib/ruby/gems/3.0.0/gems/ffi-win32-extensions-1.0.4/lib/ffi/win32/extensions.rb:101:in `raise_windows_error'
c:/opscode/chef/embedded/lib/ruby/gems/3.0.0/gems/win32-service-2.2.0/lib/win32/service.rb:519:in `configure'
c:/opscode/chef/embedded/lib/ruby/gems/3.0.0/gems/chef-17.7.29-universal-mingw32/lib/chef/provider/service/windows.rb:362:in `set_startup_type'
c:/opscode/chef/embedded/lib/ruby/gems/3.0.0/gems/chef-17.7.29-universal-mingw32/lib/chef/provider/service/windows.rb:173:in `disable_service'
c:/opscode/chef/embedded/lib/ruby/gems/3.0.0/gems/chef-17.7.29-universal-mingw32/lib/chef/provider/service/windows.rb:234:in `block (2 levels) in <class:Windows>'
c:/opscode/chef/embedded/lib/ruby/gems/3.0.0/gems/chef-17.7.29-universal-mingw32/lib/chef/mixin/why_run.rb:51:in `add_action'
c:/opscode/chef/embedded/lib/ruby/gems/3.0.0/gems/chef-17.7.29-universal-mingw32/lib/chef/provider.rb:290:in `converge_by'
c:/opscode/chef/embedded/lib/ruby/gems/3.0.0/gems/chef-17.7.29-universal-mingw32/lib/chef/provider/service/windows.rb:233:in `block in <class:Windows>'
(eval):2:in `block in action_disable'
c:/opscode/chef/embedded/lib/ruby/gems/3.0.0/gems/chef-17.7.29-universal-mingw32/lib/chef/provider.rb:301:in `instance_eval'
c:/opscode/chef/embedded/lib/ruby/gems/3.0.0/gems/chef-17.7.29-universal-mingw32/lib/chef/provider.rb:301:in `compile_and_converge_action'
(eval):2:in `action_disable'
c:/opscode/chef/embedded/lib/ruby/gems/3.0.0/gems/chef-17.7.29-universal-mingw32/lib/chef/provider.rb:242:in `run_action'
c:/opscode/chef/embedded/lib/ruby/gems/3.0.0/gems/chef-17.7.29-universal-mingw32/lib/chef/resource.rb:600:in `block in run_action'
c:/opscode/chef/embedded/lib/ruby/gems/3.0.0/gems/chef-17.7.29-universal-mingw32/lib/chef/resource.rb:627:in `with_umask'
c:/opscode/chef/embedded/lib/ruby/gems/3.0.0/gems/chef-17.7.29-universal-mingw32/lib/chef/resource.rb:599:in `run_action'
c:/opscode/chef/embedded/lib/ruby/gems/3.0.0/gems/chef-17.7.29-universal-mingw32/lib/chef/runner.rb:74:in `run_action'
c:/opscode/chef/embedded/lib/ruby/gems/3.0.0/gems/chef-17.7.29-universal-mingw32/lib/chef/runner.rb:108:in `block in run_all_actions'
c:/opscode/chef/embedded/lib/ruby/gems/3.0.0/gems/chef-17.7.29-universal-mingw32/lib/chef/runner.rb:108:in `each'
c:/opscode/chef/embedded/lib/ruby/gems/3.0.0/gems/chef-17.7.29-universal-mingw32/lib/chef/runner.rb:108:in `run_all_actions'
c:/opscode/chef/embedded/lib/ruby/gems/3.0.0/gems/chef-17.7.29-universal-mingw32/lib/chef/resource_collection.rb:64:in `insert'
c:/opscode/chef/embedded/lib/ruby/gems/3.0.0/gems/chef-17.7.29-universal-mingw32/lib/chef/dsl/declare_resource.rb:267:in `declare_resource'
c:/opscode/chef/embedded/lib/ruby/gems/3.0.0/gems/chef-17.7.29-universal-mingw32/lib/chef/dsl/resources.rb:36:in `windows_service'
c:/opscode/chef/embedded/lib/ruby/gems/3.0.0/gems/chef-17.7.29-universal-mingw32/lib/chef/resource/windows_defender.rb:126:in `block in <class:WindowsDefender>'
(eval):2:in `block in action_disable'
c:/opscode/chef/embedded/lib/ruby/gems/3.0.0/gems/chef-17.7.29-universal-mingw32/lib/chef/provider.rb:301:in `instance_eval'
c:/opscode/chef/embedded/lib/ruby/gems/3.0.0/gems/chef-17.7.29-universal-mingw32/lib/chef/provider.rb:301:in `compile_and_converge_action'
(eval):2:in `action_disable'
c:/opscode/chef/embedded/lib/ruby/gems/3.0.0/gems/chef-17.7.29-universal-mingw32/lib/chef/provider.rb:242:in `run_action'
c:/opscode/chef/embedded/lib/ruby/gems/3.0.0/gems/chef-17.7.29-universal-mingw32/lib/chef/resource.rb:600:in `block in run_action'
c:/opscode/chef/embedded/lib/ruby/gems/3.0.0/gems/chef-17.7.29-universal-mingw32/lib/chef/resource.rb:627:in `with_umask'
c:/opscode/chef/embedded/lib/ruby/gems/3.0.0/gems/chef-17.7.29-universal-mingw32/lib/chef/resource.rb:599:in `run_action'
c:/opscode/chef/embedded/lib/ruby/gems/3.0.0/gems/chef-17.7.29-universal-mingw32/lib/chef/runner.rb:74:in `run_action'
c:/opscode/chef/embedded/lib/ruby/gems/3.0.0/gems/chef-17.7.29-universal-mingw32/lib/chef/runner.rb:108:in `block in run_all_actions'
c:/opscode/chef/embedded/lib/ruby/gems/3.0.0/gems/chef-17.7.29-universal-mingw32/lib/chef/runner.rb:108:in `each'
c:/opscode/chef/embedded/lib/ruby/gems/3.0.0/gems/chef-17.7.29-universal-mingw32/lib/chef/runner.rb:108:in `run_all_actions'
c:/opscode/chef/embedded/lib/ruby/gems/3.0.0/gems/chef-17.7.29-universal-mingw32/lib/chef/runner.rb:132:in `block in converge'
c:/opscode/chef/embedded/lib/ruby/gems/3.0.0/gems/chef-17.7.29-universal-mingw32/lib/chef/resource_collection/resource_list.rb:96:in `block in execute_each_resource'
c:/opscode/chef/embedded/lib/ruby/gems/3.0.0/gems/chef-17.7.29-universal-mingw32/lib/chef/resource_collection/stepable_iterator.rb:114:in `call_iterator_block'
c:/opscode/chef/embedded/lib/ruby/gems/3.0.0/gems/chef-17.7.29-universal-mingw32/lib/chef/resource_collection/stepable_iterator.rb:85:in `step'
c:/opscode/chef/embedded/lib/ruby/gems/3.0.0/gems/chef-17.7.29-universal-mingw32/lib/chef/resource_collection/stepable_iterator.rb:103:in `iterate'
c:/opscode/chef/embedded/lib/ruby/gems/3.0.0/gems/chef-17.7.29-universal-mingw32/lib/chef/resource_collection/stepable_iterator.rb:54:in `each_with_index'
c:/opscode/chef/embedded/lib/ruby/gems/3.0.0/gems/chef-17.7.29-universal-mingw32/lib/chef/resource_collection/resource_list.rb:94:in `execute_each_resource'
c:/opscode/chef/embedded/lib/ruby/3.0.0/forwardable.rb:238:in `execute_each_resource'
c:/opscode/chef/embedded/lib/ruby/gems/3.0.0/gems/chef-17.7.29-universal-mingw32/lib/chef/runner.rb:130:in `converge'
c:/opscode/chef/embedded/lib/ruby/gems/3.0.0/gems/chef-17.7.29-universal-mingw32/lib/chef/client.rb:686:in `block in converge'
c:/opscode/chef/embedded/lib/ruby/gems/3.0.0/gems/chef-17.7.29-universal-mingw32/lib/chef/client.rb:681:in `catch'
c:/opscode/chef/embedded/lib/ruby/gems/3.0.0/gems/chef-17.7.29-universal-mingw32/lib/chef/client.rb:681:in `converge'
c:/opscode/chef/embedded/lib/ruby/gems/3.0.0/gems/chef-17.7.29-universal-mingw32/lib/chef/client.rb:705:in `converge_and_save'
c:/opscode/chef/embedded/lib/ruby/gems/3.0.0/gems/chef-17.7.29-universal-mingw32/lib/chef/client.rb:285:in `run'
c:/opscode/chef/embedded/lib/ruby/gems/3.0.0/gems/chef-17.7.29-universal-mingw32/lib/chef/application.rb:305:in `run_with_graceful_exit_option'
c:/opscode/chef/embedded/lib/ruby/gems/3.0.0/gems/chef-17.7.29-universal-mingw32/lib/chef/application.rb:281:in `block in run_chef_client'
c:/opscode/chef/embedded/lib/ruby/gems/3.0.0/gems/chef-17.7.29-universal-mingw32/lib/chef/local_mode.rb:42:in `with_server_connectivity'
c:/opscode/chef/embedded/lib/ruby/gems/3.0.0/gems/chef-17.7.29-universal-mingw32/lib/chef/application.rb:264:in `run_chef_client'
c:/opscode/chef/embedded/lib/ruby/gems/3.0.0/gems/chef-17.7.29-universal-mingw32/lib/chef/application/base.rb:352:in `run_application'
c:/opscode/chef/embedded/lib/ruby/gems/3.0.0/gems/chef-17.7.29-universal-mingw32/lib/chef/application.rb:67:in `run'
c:/opscode/chef/embedded/lib/ruby/gems/3.0.0/gems/chef-17.7.29-universal-mingw32/lib/chef/application/solo.rb:60:in `run'
c:/opscode/chef/embedded/lib/ruby/gems/3.0.0/gems/chef-bin-17.7.29/bin/chef-solo:24:in `<top (required)>'
c:/opscode/chef/bin/chef-solo:172:in `load'
c:/opscode/chef/bin/chef-solo:172:in `<main>'

Thanks, Stuart

mrswadge commented 3 years ago

I'm testing the following PowerShell against Windows 2016 and 2019. I don't know if this would work for other versions of Windows.

powershell_script 'disable windows defender' do
    code <<-EOH
        Get-WindowsFeature -Name 'Windows-Defender' | %{ if ($_.Installed) { Remove-WindowsFeature $_.Name } }
        Get-WindowsFeature -Name 'Windows-Defender-GUI' | %{ if ($_.Installed) { Remove-WindowsFeature $_.Name } }
    EOH
end
loister72 commented 2 years ago

In the basesetup.ps1 we use this code snippet: #disable Windows Defender set-mppreference -DisableRealtimeMonitoring $true

Stromweld commented 1 year ago

Closing this issue due to age. Please feel free to re-open or submit a new issue if the problem still exists with the latest version of the bento code.