Open the system drive of an AWS instance you cannot log into

If you cannot log into an AWS instance and want to inspect files on it, you can detach the volume from the lost instance and attach it to another instance as the secondary drive.

Create a new instance

Create a new AWS instance and log into it,
Make a note of the Instance ID of this new instance,
In the AWS console find your lost instance, that you cannot log into, by IP address or server name,
Using the AWS console stop the lost instance,
Make a note of the Instance ID of the stopped instance.

Detach the root volume from the stopped lost instance

On the Description tab click the name of the root device
In the popup click the EBS ID
Make a note of the volume ID,
Click the Actions button and select Detach Volume.

Attach the volume to the new instance

On the same, detached root volume page, click the Actions button and select Attach Volume,
Search for the new instance by Instance ID and enter a name for the device
On the Description tab of the new instance, the second drive appears,

Assign a drive letter to the attached drive

Log into the new instance,
On the toolbar click the Server Manager icon,
In the Tools menu select Computer Management,
On the left side select Disk Management,
Right-click the second disk and select Online,
The partitions of the attached volume automatically get the drive letters. The primary partition received the letter E:
The drives show up in Windows Explorer too.

Debugging a Packer build

Packer can configure a server instance and create an image of it.

If you need to examine what Packer is doing, you can run Packer in debug mode and RDP into the instance to view files and other settings.

Open the firewall

In the “builders” element add a line to the Packer template to execute a configuration file:
```
"user_data_file": "bootstrap-aws.txt",
```
Create the bootstrap-aws.txt file in the same directory where your Packer template is located,

Add lines to the bootstrap-aws.txt file to create an administrator user, enable the Remote Desktop connection, and open the firewall for the RDP port:

# Administrator user
cmd.exe /c net user /add MY_USERNAME MY_PASSWORD
cmd.exe /c net localgroup administrators MY_USERNAME /add

# RDP
cmd.exe /c netsh advfirewall firewall add rule name="Open Port 3389" dir=in action=allow protocol=TCP localport=3389
cmd.exe /c reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f

Build in debug mode

Execute the build with the -debug option:
```
packer build -debug win2012.json
```

Open the RDP port in the temporary security group

During the build, Packer will prompt you to press enter before major steps.

When the IP address of the instance is displayed on the screen, search for the temporary security group’s name by
```
Creating temporary security group for this instance
```
In the AWS console search for the security group and add a new inbound rule to open port: 3389 for the Remote Desktop Connection:

Connect to the instance

Find the IP address of the instance on the screen,
Start a Remote Desktop connection to the instance,
Use the administrator username and password specified in the bootstrap-aws.txt file.

Log locations

The EC2 log file on the instance is at
C:\Program Files\Amazon\Ec2ConfigService\Logs\Ec2ConfigLog.txt

Install the binary component of LastPass

To be able to download attached files from LastPass, you need to install the binary component for LastPass in your web browser.

Navigate to https://lastpass.com/misc_download2.php
Install the LastPass for Chrome (full version) plugin

Create a new server image for a RightScale server template

The RightScale server templates publish server images to launch. It is advisable to create your own server image because the cloud providers can remove their published images anytime. If you generate your own image, you control the lifecycle of those.

Create your own server image

Use Packer to create a new server image.

Install RightLink.

On Windows

Create a PowerShell script and save it as install-rightlink.ps1

$wc = New-Object System.Net.Webclient
$wc.DownloadFile("https://rightlink.rightscale.com/rll/10/rightlink.install.ps1",
   "$pwd\rightlink.install.ps1")
Powershell -ExecutionPolicy Unrestricted -File rightlink.install.ps1

Execute it from the Packer template

"provisioners": [
  {
    "type": "powershell",
    "pause_before":"10s",
    "scripts": [
    "install-rightlink.ps1"
    ]
  }
]

For more information see “Create Custom Images with RightLink” at http://docs.rightscale.com/rl10/getting_started.html

Make the image public, so RightScale can see it
1. Open the AWS console
2. On the EC2 Dashboard select AMIs
3. Find the image by AMI resource ID
4. On the Permission tab click the Edit button
5. Keep the image private, but share it with the AWs account you create the server template in.

Attach the image to your RightScale server template

Make sure the image is visible in RightScale.

It can take 30 minutes for the new image to appear in the list.

Open the RightScale Cloud Management console
In the upper right corner select the account you want to work in,
In the Clouds menu find the region where you created the image and click the Images link
Search for the image

If you have an existing MultiCloud image and want to update the server image in it

In the Design menu select the MultiCloud Images link
Find the existing image by name
Click the name of the image to open it
On the Clouds tab select region, you are working in and click the pencil icon
Click the Edit Image button
Type a part of the name of the new server image you have just created to find it
Click the name of the image to select it
Click the Save button to add it to the MultiCloud image
Click the Update button to save the MultiCloud image

Test the new MultiColud Image

Set the MultiCloud image version in the Server Template

Test the new MultiCloud image by TEMPORARILY using the HEAD revision of the Server Template and the MultiCloud image

To test the new image TEMPORARILY select the HEAD revision of the MultiCloud image to be used by the Server Template

In the Design menu select the ServerTemplates link
Find your Server Template
Click the name of the template to open the info page
Select the HEAD revision of the Server Template
On the Images tab click the pencil to set the revision of the MultiCloud image to use
TEMPORARILY select the HEAD revision for the MultiCloud Image and click the green check mark to save the selection.

In your CAT file set revision 0 to use the HEAD revision of the Server Template

Launch a new server using Self Service with the HEAD revision of the Server Template

Create the new version of the MultiCloud Image

When you have successfully tested the new MultiCloud Image create a new version of it.

Find your MultiCloud Image in Desing, MultiCloud Images
Click the Commit button and enter a description for the change

Create the new version of the Server Template

Save a new version of the Server Template

Find your Server Template in Design, ServerTemplates
Click the Commit button

Publish the Server Template

Select the last revision and click the Publish to MultiCloud Marketplace button
Keep it private
Select the account group to share with and click the DESCRIPTIONS button
Click the PREVIEW button
Click the PUBLISH button

Import the Server Image to the other accounts you use

To be able to use the new version of the Server Image switch to the other accounts and import the template

In the Design menu under MultiCloud Marketplace select the ServerTemplates link
Enter a portion of the Server Template name in the Keyword box and click the GO button
Click the name of the template
Click the Import button

If you want to use a new MultiCloud image in the Server Template

To create a new MultiCloud image

Add the new MultiCloud image to the server template

Open the RightScale Cloud Management console
In the Design menu select ServerTemplates
Find your server template
On the Images tab click the Add MultiCloud Image button

windows_task, ArgumentError: invalid date

When the windows_task resource is called to “create” a Windows Scheduled Task that already exists, an error message is returned. In the past, the “modify” action was responsible for the modification of the scheduled tasks, since Chef 13 the “create” action would update the task if exists.

ArgumentError: …[…] (…:… line …) had an error: ArgumentError: windows_task[…] (… line …) had an error: ArgumentError: invalid date

C:/opscode/chef/embedded/lib/ruby/gems/2.4.0/gems/chef-13.6.4-universal-mingw32/lib/chef/provider/windows_task.rb:507:in `strptime’
C:/opscode/chef/embedded/lib/ruby/gems/2.4.0/gems/chef-13.6.4-universal-mingw32/lib/chef/provider/windows_task.rb:507:in `parse_day’
C:/opscode/chef/embedded/lib/ruby/gems/2.4.0/gems/chef-13.6.4-universal-mingw32/lib/chef/provider/windows_task.rb:239:in `convert_user_date_to_system_date’
C:/opscode/chef/embedded/lib/ruby/gems/2.4.0/gems/chef-13.6.4-universal-mingw32/lib/chef/provider/windows_task.rb:99:in `action_create’

It looks like Chef tries to get a date from the existing scheduled task, and cannot parse it successfully.

As we currently cannot update existing tasks, we need to put a guard into the windows_task resource to prevent the execution if the task exists.

 
startup_task_name = 'chef-client-at_startup'

windows_task "create #{startup_task_name}" do
  task_name "#{startup_task_name}"
  ...
  guard_interpreter :powershell_script
  only_if "(Get-ScheduledTask | Where-Object {$_.TaskName -eq "#{startup_task_name}"}).TaskName.Length -eq 0"
end

Application error codes

When an application execution fails, it usually returns an error code to specify the cause of the problem.

Windows error codes

Application	Error code		Cause	Workaround
Visual Studio	-2147205120		The computer has a pending restart and must be rebooted before the execution.	Restart your computer, and then rerun the application.

.NET Framework Detection in the Windows Registry

To determine which .NET framework is installed on the Windows computer check the values in the registry.

The HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full key contains two values you can check:

Release
Version

You can use InSpec, part of the Chef DK, to check the values:

describe registry_key('HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full') do
  it { should have_property 'Release' }
  it { should have_property_value('Release', :dword, 460805) } # For dword use the decimal value, no quotes
end

describe registry_key('HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full') do
  it { should have_property 'Version' }
  it { should have_property_value('Version', :string, '4.7.02053') }
end

.NET version	Release key hexadecimal	Release key decimal	Version key	Install path
4.6.1	6041F	394271
4.6.2	60636	394806	4.6.01590
4.7	70805	460805	4.7.02053	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\
4.7.1	709FE	461310	4.7.02558
4.7.2	70bf6	461814	4.7.03062	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\
4.8	80EB1	528049

For more information see

https://docs.microsoft.com/en-us/dotnet/framework/migration-guide/how-to-determine-which-versions-are-installed

Chef exit codes

Chef uses the standard RFC 062 exit codes.

In your .kitchen.yml file, you can supply an array of exit codes in the “retry_on_exit_code” option to retry the operation in case the Chef script execution is interrupted. The usual values are

 retry_on_exit_code: # An array of exit codes that can indicate that kitchen should retry the converge command. Defaults to an empty array.
   - 35              # Reboot is scheduled
   - 20              # The Windows system cannot find the device specified.
   - 1               # Generic failure

Chef exit codes

  0: SUCCESS            - Successful run     - Any successful execution of a Chef utility should return this exit code
  1: GENERIC_FAILURE    - Failed execution   - Generic error during Chef execution.
  2: SIGINT_RECEIVED    - SIGINT received    - Received an interrupt signal
  3: SIGTERM_RECEIVED   - SIGTERM received   - Received an terminate signal
 35: REBOOT_SCHEDULED   - Reboot Scheduled   - Reboot has been scheduled in the run state
 37: REBOOT_NEEDED      - Reboot Needed      - Reboot needs to be completed
 41: REBOOT_FAILED      - Reboot Failed      - Initiated Reboot failed - due to permissions or any other reason
 42: AUDIT_MODE_FAILURE - Audit Mode Failure - Audit mode failed, but chef converged successfully.
213: CLIENT_UPGRADED    - Chef upgrade       - Chef has exited during a client upgrade

Relevant Windows exit codes

 20: ERROR_BAD_UNIT     - The system cannot find the device specified.

The list of all Windows error codes is located at https://msdn.microsoft.com/en-us/library/windows/desktop/ms681381(v=vs.85).aspx

The Linux exit codes for

sysexits: https://www.freebsd.org/cgi/man.cgi?query=sysexits&apropos=0&sektion=0&manpath=FreeBSD+4.3-RELEASE&format=html
Bash scripting: http://tldp.org/LDP/abs/html/exitcodes.html

FATAL: Chef::Exceptions::Reboot: Rebooting server at a recipe’s request.

When your Chef recipe requests a reboot using the “reboot” Chef resource, the output window shows an error message:

Chef Client finished, …/… resources updated in … seconds
[…] WARN: Rebooting server at a recipe’s request. Details: {:delay_mins=>1, :reason=>”…”, :timestamp=>…, :requested_by=>”…”}

Running handlers:
[…] ERROR: Running exception handlers
Running handlers complete
[…] ERROR: Exception handlers complete
Chef Client failed. … resources updated in … seconds
[…] FATAL: Stacktrace dumped to C:/Users/…/AppData/Local/Temp/kitchen/cache/chef-stacktrace.out
[…] FATAL: Please provide the contents of the stacktrace.out file if you file a bug report
[…] FATAL: Chef::Exceptions::Reboot: Rebooting server at a recipe’s request. Details: {:delay_mins=>1, :reason=>”…”, :timestamp=>…, :requested_by=>”…”}

Chef also saves the error message in the stacktrace.out file at C:/Users/…/AppData/Local/Temp/kitchen/cache

As coderanger wrote it, replying to a StackOverflow post, it is not an error, it is a necessity to be able to stop the Chef cookbook execution when a reboot is requested. See https://stackoverflow.com/questions/39057254/why-does-chef-throw-fatal-error-on-restart-request

“Because we want to avoid running anything further in the Chef converge and the easiest way to do that is to raise an exception.”

“It’s a weird special case because Ruby doesn’t have any other non-local code execution flow construct that would work well in this case. You’ll just have to add a filter for it. Such are the realities of building software in an imperfect world :) – coderanger Aug 21 ’16 at 5:24″

Unable to satisfy constraints on package

When you make a change to the version restrictions in the metadata.rb file and execute berks install in your Chef cookbook directory, you may get the error message:

Unable to satisfy constraints on package … due to solution constraint (…). Solution constraints that may result in a constraint on …: [(…)], [(…) -> (…)]
Demand that cannot be met: (…)
Artifacts for which there are conflicting dependencies: … = … -> [(…), (… ~> …)]Unable to find a solution for demands:…

Execute

berks update

find the latest allowed versions of all referenced cookbooks,
update the Berksfile.lock file and
download the missing cookbooks to the cookbook cache folder at ~/.berkshelf/cookbooks
This command executes berks install too behind the scenes.