Installs Chocolatey Server on a Windows host.
Note: This role has been tested on chocolatey.server 0.2.5, newer versions should work but this is not guaranteed
With the defaults this role will;
- Install the
chocolatey.serverpackage toC:\tools\chocolatey.server - Install various IIS features required for Chocolatey server
- Create an IIS web app pool called
chocolatey_server_app_pool - Create an IIS web site called
chocolatey_server_sitewith a http binding on port80 - Firewall rule to allow traffic in on port
80for thedomainandprivateprofiles
The following can also be configured as part of the role but require some optional variables to be set;
- Set an API Token for the Chocolatey server
- Specify users and their SHA1 password hash over basic auth
- Create a HTTPS binding for the site with an existing or self signed certificate
- Specify the path or URL of the
chocolateypackage to configure the server'sinstall.ps1script - Specify the maximum package size allowed on the server
I would like to thank kkolk for the excellent blog post that helped me write this role. You can read the post here.
To add new packages to the Chocolatey server install, copy the .nupkg to
{{ opt_chocolatey_server_path }}\chocolatey.server\App_Data\Packages and the
server will pick up the file.
Note: You first need to activate the file watcher by navigating to http://server/chocolatey/Packages at least once the IIS app pool is warm. Any restarts of pool recycles require you to do this again before any packages are picked up in this dir.
- Windows Server 2008 R2+
- Chocolatey client to be installed on the remote host if the remote host cannot access the internet
None, this role will run with the default options set.
opt_chocolatey_server_api_token: The API token/key that is used when uploading new packages to the server. If not specified then this will use the default token specified by thechocolatey.serverpackage.opt_chocolatey_server_credentials: Dictionary of username and password hashes to specify as the basic authentication credentials. The key is theusernamewhile the value is an upper case SHA1 hash of thepassword. If not set then basic auth is disabled and anonymous access is allowed.opt_chocolatey_server_firewall_profiles: The firewall profiles to use that will allow access to the Chocolatey Server (default:domain,private). This can be a combination ofdomain,private, and/orpublic.opt_chocolatey_server_http_port: The port to use for http access (default:80).opt_chocolatey_server_https_port: The port to use for https access, by default no https binding is created unless this is specified.opt_chocolatey_server_https_certificate: The certificate thumbprint to use for the HTTPS binding, if not specified then .opt_chocolatey_server_max_package_size: The maximum allowed size, in bytes, of a package that can be stored on the server (default:2147483648).opt_chocolatey_server_path: The root directory that thechocolatey.serverpackage is installed to (default:C:\tools).opt_chocolatey_server_source: The source location of the chocolatey.server package (default:https://chocolatey.org/api/v2/). This can be the name/url of a Nuget repository or a local path that contains the nupkg file.
To set up the Chocolatey server to create an install.ps1 script and source
the installer file from the repo instead of the internet, download the
chocolatey nupkg file and set one
of the following two variables that point to this file;
opt_chocolatey_server_chocolatey_path: The path that is accessible from the remote host to the Chocolatey nupkg file.opt_chocolatey_server_chocolatey_url: The URL that is accessible from the remote host to the Chocolatey nupkg file.
If neither of these values are set, then the install.ps1 script from this
server will default to the public install script on the Chocolatey site.
These variables are set as a host fact with set_fact during the execution.
They can be used by any downstream roles or tasks for that host.
out_chocolatey_server_https_certificate: If a https binding is created with a self signed certificate, this is the certificate hash of the certificate created.
None
- name: install Chocolatey Server with the defaults
hosts: windows
gather_facts: no
roles:
- jborean93.win_chocolatey_server
- name: setup Chocolatey with HTTPS listener on custom path and enable basic authentication
hosts: windows
gather_facts: no
vars:
opt_chocolatey_server_api_token: eb82582c-2214-4ce9-9689-8c823ae33e45
opt_chocolatey_server_credentials:
build-team: '{{ build_team_pass | hash("sha1") | upper }}'
test-team: '{{ test_team_pass | hash("sha1") | upper }}'
build-team: '{{ build_team_pass | hash("sha1") | upper }}'
opt_chocolatey_server_http_port: 8080
opt_chocolatey_server_https_port: 8443
opt_chocolatey_server_path: D:\tools
opt_chocolatey_server_chocolatey_url: https://internalrepo.domain/chocolatey.0.10.11.nupkg
roles:
- jborean93.win_chocolatey_server
post_tasks:
- name: output the cert hash used for the HTTPS bindings
debug:
var: out_chocolatey_server_https_certificate
None - feature requests are welcome