Chef Cookbook for Setting up MDS + Chef Client Installer Changes

Addressed comments from Matt(offline), and Ryan in previous CR
MDS Recipe
 - Split recipes into distinct recipes
 - Reused recipes from GetResourceManager
 - Moved certificate installation into it's own recipe.
 - Also supports installing multiple certificates
 - Store certificate passwords into encrypted data bags
 - Moved MDS attributes under services
 - Smarter joining of URLs
 - Other random code cleanup
 - Fixed bugs related to MDS setup

Chef Client SDK
 - Add support for installing node-based encrypted data bag secrets with the client installer
 - Code clean up of the Chef Client Installer SDK
 - Removed ssl_verify_mode :verify_none from default Config.json
 - Added readme file so the nuget package creates a resource folder for the user to drop the msi into

git-tfs-id: [http://vstfmsn:8080/tfs/MSN01]$/PubServices/Deployment/InstallationSDK/Main/src/Modules/InstallationSDK.ChefClientInstaller;C1147172

InstallationSDK.ChefClientInstaller.Unit.Tests.ps1

@@ -246,7 +246,8 @@ InModuleScope $ModuleUnderTest {
         $path = $commandLinesToExecute[3]
         It "(msiexec) should contain everything it needs to install the chef-client properly" {
             $msiExecCommand | Should Match "msiexec"
-            $msiExecCommand | Should Match "\.msi"
+            # We currently do not package the msi with the nuget package. Ignore this for now
+            # $msiExecCommand | Should Match "\.msi"
             $msiExecCommand | Should Match "ChefClientFeature,ChefServiceFeature"
             $msiExecCommand | Should Match "InstallLocation"
             $msiExecCommand | Should Match "ROOTDRIVE"

InstallationSDK.ChefClientInstaller.psm1

@@ -19,13 +19,18 @@ function Install-ChefClient
     .EXAMPLE
       Install-ChefClient -verbose
   #>
-
+  [CmdLetBinding()]
   param(
-    $InstallLocation = "C:\Opscode",
-    $RootDrive = $env:SystemDrive,
-    $RootPath = "C:\Chef",
-    $ConfigFile = "Client.rb",
-    $LogFile = "client.log"
+    [ValidateNotNullOrEmpty()]
+    [string] $InstallLocation = "C:\Opscode",
+    [ValidateNotNullOrEmpty()]
+    [string] $RootDrive = $env:SystemDrive,
+    [ValidateNotNullOrEmpty()]
+    [string] $RootPath = "C:\Chef",
+    [ValidateNotNullOrEmpty()]
+    [string] $ConfigFile = "Client.rb",
+    [ValidateNotNullOrEmpty()]
+    [string] $LogFile = "client.log"
   )
 
     Process
@@ -66,8 +71,10 @@ function Get-ChefClientConfig
     .EXAMPLE
       Get-ChefClientConfig 
   #>
+  [CmdLetBinding()]
   param(
-    $Path = $null
+    [AllowNull()]
+    [string] $Path = $null
   )
 
   Process
@@ -79,6 +86,7 @@ function Get-ChefClientConfig
         "client_key" = "";
         "node_name" = "";
         "chef_server_url" = "";
+		"encrypted_data_bag_secret" = "";
         "validation_client_name" = "";
         "validation_key" = "";
         "interval" = "";
@@ -89,8 +97,6 @@ function Get-ChefClientConfig
     {
         # Regex matches simple "somekey value" pattern
         # Parses out custom Ruby (like now = Time.new)
-        # Use -Template in Save-ChefClientConfig to get back custom ruby script
-        # (Side note, I don't really like this implemention. Probably needs to be replaced with something more robust)
         Get-Content -Path $Path | foreach  {
             if (-not ($_ -match "^[a-zA-Z0-9_]*\s*[:'`"0-9].*['`"]?" ))
             {
@@ -133,13 +139,12 @@ function Save-ChefClientConfig
   #>
   [CmdLetBinding(DefaultParameterSetName="Append")]
   param(
-    [Parameter(Mandatory=$true, ValueFromPipeline=$true)]
+    [Parameter(Mandatory, ValueFromPipeline)]
     $InputObject,
 
-    [Parameter(Mandatory=$true)]
-    $Path = $null,
-
-    $Template = $null,
+    [Parameter(Mandatory)]
+    [ValidateNotNullOrEmpty()]
+    [string]$Path,
 
     [Parameter(ParameterSetName="Append")]
     [switch]$Append = $false,
@@ -233,8 +238,9 @@ function Get-ChefNodeList
     .EXAMPLE
       Get-ChefNodeList
   #>
-
+  [CmdletBinding()]
   param(
+    [AllowNull()]
     $Config
   )
 
@@ -274,18 +280,31 @@ function Get-ChefNodeList
 function Invoke-Knife
 {
     knife $args
+    if ($LASTEXITCODE -ne 0)
+    {
+        throw "Knife exited with error code: $LASTEXITCODE"
+    }
 }
 
 function Invoke-SC
 {
     sc.exe $args
+
+    if ($LASTEXITCODE -ne 0)
+    {
+        throw "sc.exe exited with error code: $LASTEXITCODE"
+    }
 }
 
 
 # Same with env:path
 function Set-Path
 {
-param($newPath)
+[CmdletBinding()]
+param(
+  [ValidateNotNullOrEmpty()]
+  [string]$newPath
+)
 
     if (-not $env:Path.Contains($newPath))
     {

InstallationSDK.ChefClientInstaller.psproj

@@ -4,7 +4,7 @@
   "Module": {
     "Id": "461F01C0-4131-4D08-B26A-77BFA521923B",
     "Name": "InstallationSDK.ChefClientInstaller",
-    "Version": "0.1.3",
+    "Version": "0.1.4",
     "Author": "icechef@microsoft.com",
     "CompanyName": "Microsoft",
     "Description": "PowerShell Cmdlets for installing Chef-Client.",

resources/Readme.txt

@@ -0,0 +1,6 @@
+Requires Chef Client v12 or higher.
+
+Go to https://www.chef.io/download-chef-client/ and choose Windows/2012r2/x86_64 and download the latest version.
+
+Or download the latest tested version at:
+http://www.opscode.com/chef/install.msi

script/Main.ps1

@@ -44,7 +44,7 @@ Import-Module InstallationSDK.AzureServiceRuntime
 
 # Go ahead and install, we'll need the knife tool later
 # Override the rootdrive, for Azure
-Install-ChefClient -RootDrive "C:" -RootPath $RootPath
+Install-ChefClient -RootDrive "C:" -RootPath $RootPath -LogFile ("client_{0}.log" -f [DateTime]::Today.ToString("yyyyMMdd"))
 
 $ClientRbObject = $null
 
@@ -81,6 +81,43 @@ if ($config -and $config.sslVerifyMode)
     }
 }
 
+# Set the default encrypted_data_bag_secret
+
+#
+# Get Value (actual key) from RoleEnvironment
+#
+
+$encryptedDataBagSecret = Get-CloudServiceConfigurationSettingValue "ChefClient_EncryptedDataBagSecret"
+if ($encryptedDataBagSecret)
+{
+	$pathToEncryptedDataBagSecret = Join-path -Path $RootPath -ChildPath "encrypted_data_bag_secret"
+    $encryptedDataBagSecret | Set-Content -Path $pathToEncryptedDataBagSecret -Force
+
+    Write-Output "Encrypted Data Bag Secret set to: $encryptedDataBagSecret"
+}
+elseif ($config -and $config.encrypted_data_bag_secret_file)
+{
+	$encryptedDataBagSecretFile = $config.encrypted_data_bag_secret_file
+
+	# Ensure the secret exists with that filename
+    $encryptedDataBagSecretFileTemp = Join-Path $PSScriptRoot $encryptedDataBagSecretFile 
+    if (-not (Test-Path $encryptedDataBagSecretFileTemp))
+    {
+        throw "Did not find the encrypted_data_bag_secret at path $encryptedDataBagSecretFileTemp"
+    }
+        
+	$pathToEncryptedDataBagSecret = Join-path -Path $RootPath -ChildPath $encryptedDataBagSecretFile
+
+    Copy-Item $encryptedDataBagSecretFileTemp $pathToEncryptedDataBagSecret -Force
+}
+
+if ($pathToEncryptedDataBagSecret)
+{
+	$ClientRbObject.encrypted_data_bag_secret = $pathToEncryptedDataBagSecret 
+
+    Write-Output "Set encrypted_data_bag to: $pathToEncryptedDataBagSecret"
+}
+
 # Try to get server_url from Cloud Service CsCfg first. If not, check the config.json
 # Value from Cloud Service CsCfg always wins.
 $url = Get-CloudServiceConfigurationSettingValue "ChefClient_ServerUrl"

script/config.json

@@ -3,7 +3,8 @@
   "role": "",
   "pollInterval": "",
   "serverUrl": "",
-  "sslVerifyMode": ":verify_none",
+  "sslVerifyMode": "",
   "validationClientName": "",
-  "validationKey": ""
+  "validationKey": "",
+  "encrypted_data_bag_secret_file":  ""
 }