Testing on ec2 with test-kitchen

[webframp]

Hey there @derekgroh and others!

I have a question about the testing approach used with this cookbook and was wondering if anyone had input.

Have you tested this at all with the ec2 driver for creating a new forest and joining a new member computer to the new domain? I’m interested in how you handle the necessary reboots and any fine tuning of timeout values that might be required.

If not specifically ec2 related have you had to work around these kinds of issues with other windows AD testing pipelines?

[webframp]

Further background, this is the recurring issue I am seeing:

         * windows_ad_domain[test.net] action create
D      [WinRM] Waiting for output...
D      [WinRM] retrying receive request after timeout
D      [WinRM] retrying receive request after timeout
D      [WinRM] cleaning up command_id: 8FE65499-6CCE-488A-95C2-4182DAC2D6A0 on shell_id 085D300D-1560-47C9-87C6-4F4D28AC6B67
D      Cleaning up local sandbox in /var/folders/66/180ynjt55z74l338gh0stq0c0000gn/T/domain-controller-windows-2016-sandbox-20191017-73513-15oumx0
>>>>>> ------Exception-------
>>>>>> Class: Kitchen::ActionFailed
>>>>>> Message: 1 actions failed.
>>>>>>     Failed to complete #converge action: [Operation timed out - Operation timed out - connect(2) for "10.107.12.86" port 5985 (10.107.12.86:5985)] on domain-controller-windows-2016
>>>>>> ----------------------
>>>>>> Please see .kitchen/logs/kitchen.log for more details
>>>>>> Also try running `kitchen diagnose --all` for configuration

[derekgroh]

I have not tested with the ec2 driver, but this should not be limited as only an ec2 driver issue.

For the initial forest creation, the best method was to not perform a reboot as part of the ADDS and instead notify a reboot resource to allow chef to be aware of the reboot.

I'll take a look at my old testing branches to see if I still have the code that was exploring this issue.

[webframp]

Thanks, trying out a few things but can't seem to nail down the correct combination of kitchen settings for timeouts and retries to get the initial create to work successfully. I want to build out some automation for RODC work but want the automation pipeline to be able to build out the domain fresh everytime from a test fixture cookbook.

Using the following very basic platform setting in kitchen yml:

platforms:
  - name: windows-2016

And a very simple resource:

windows_ad_domain domain_name do
  action :create
  safe_mode_pass 'supersecret'
  restart true
end

With debug output we see it always times out and dies waiting here:

         * windows_ad_domain[test.net] action create
D      [WinRM] Waiting for output...
D      [WinRM] retrying receive request after timeout
D      [WinRM] retrying receive request after timeout
D      [WinRM] retrying receive request after timeout
D      [WinRM] retrying receive request after timeout
D      [WinRM] retrying receive request after timeout
D      [WinRM] retrying receive request after timeout
D      [WinRM] retrying receive request after timeout
D      [WinRM] retrying receive request after timeout
D      [WinRM] retrying receive request after timeout
D      [WinRM] Processing output
           * powershell_script[create_domain_test.net] action run
             - execute "C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe" -NoLogo -NonInteractive -NoProfile -ExecutionPolicy Bypass -InputFormat None -File "C:/Users/vagrant/AppData/Local/Temp/chef-script20191018-3020-1w8ahbg.ps1"

D      [WinRM] Waiting for output...
D      [WinRM] Processing output
         * windows_ad_user[admin_user] action create

           ================================================================================
           Error executing action `create` on resource 'windows_ad_user[admin_user]'
           ================================================================================

           RuntimeError
           ------------
           Failed to execute command.
           STDOUT:
           STDERR: dsquery failed:The specified domain either does not exist or could not be contacted.

           type dsquery /? for help.


...

Handling windows restarts is always a pain with chef, adding AD in the mix makes just enough of a problem to keep eluding me. If you have info on the correct provider or transport kitchen config values you have been able to use in the past that would be super helpful.

[derekgroh]

For your example there, it seems the computer rebooted after: windows_ad_domain[test.net] before it was able to run powershell_script[create_domain_test.net].

Confirm your recipe does something similar to the test recipe, then adjust your wait_for_retry: and max_retries: higher than necessary to capture a success case. Then tune the values down to avoid idle testing time.

[CoreyLivingston]

I have the same issue. I'll do some testing and see what I can prove/disprove on this issue.

[nielsbuus]

I seem to be facing the same issue, but for Windows Server 2019. Did any of you manage to successfully provision a domain controller using test-kitchen / WinRM?