Question

I am trying to bootstrap my client (Windows machine) to the hosted chef server (from opscode).

  1. I have successfully installed knife in my client machine.

  2. I am in chef-repo in users/ folder and have started the execution.

  3. I am not able to bootstrap with the chef-server.

Basically, chef-repo>knife bootstrap ipaddress -x user -P password is not working for me.

I am getting an error:

ERROR: network error. No connection could be made as the target machine actively refused it.

In the example, people have used opscode as both username and password. So what should I ideally be using?

And the ipaddress is the client IP address right? The machine from where I want to upload the cookbooks to the server?


Solution

Bootstrapping Chef on Windows systems requires an additional knife plugin, knife-windows. This plugin uses WinRM to allow you to call native objects in Windows remotely.

The plugin adds a few subcommands, notably knife bootstrap windows winrm and knife bootstrap windows ssh, as well as custom bootstrap templates designed for Windows.

Once you have installed the knife-windows plugin, you should be able to bootstrap your Windows system using a command similar to:

knife bootstrap windows winrm ipaddress -x Administrator -P 'super_secret_password'

OTHER TIPS

First to answer your two questions:

  1. The -x username and -P password parameters are the credentials for the node you want to bootstrap. So if you had a Windows VM that you log in to as Administrator/password, then you would pass -x Administrator -P password.

  2. Yes, the ipaddress is the address of the node you want to bootstrap for management with chef.

But no, the ipaddress is not "The machine from where I want to upload the cookbooks to the server?" And this makes me think you have a misunderstanding...

  • You upload cookbooks to the server from your workstation.
  • You initialise your workstation using knife configure --initial.
  • You can then upload cookbooks using knife cookbook upload cookbook_name

Whereas...

  • You use knife bootstrap (on your workstation) to install chef-client on, and register as a node with the chef-server, remote machines that you want to manage as chef nodes.
  • You do not need to knife bootstrap your workstation.

Regarding bootstrapping a Windows node, if that's what you want to do, @Michael has you on the right track.

Using WinRM requires that Windows is listening for HTTPS requests (port 5986). Therefore WinRM must be started on the Windows machine. But to do so requires that the machine have a certificate installed as well, otherwise HTTPS won't work. And as far as I know knife bootstrap with winrm will only use secure comms.

For example...

winrm quickconfig -transport:https

Message = Cannot create a WinRM listener on HTTPS because this machine does not have an appropriate certificate. To be used for SSL, a certificate must have a CN matching the hostname, be appropriate for Server Authentication, and not be expired, revoked, or self-signed.

So... install a proper certificate, ensure winrm has started listening etc.

Use this to see the status...

winrm enumerate winrm/config/listener

Run the following commands in PowerShell on the Windows client node

 set-item wsman:\localhost\shell\maxmemorypershellmb 1024
 set-item wsman:\localhost\MaxTimeoutms 300000
 set-item wsman:\localhost\service\allowunencrypted $true
 set-item wsman:\localhost\service\auth\basic $true

And then run the following command on the chef workstation

knife bootstrap -o winrm "ip_address" -U "Administrator" -P "password" -N "window_node"

New updated command to bootstrap a windows node

knife bootstrap -o winrm IP-Address -N 'Node-Name' -U Domain-OR-Local-User -P 'Password'

Node-Name: It will be displayed in Chef Automate console

Please check if you can do a telnet from the workstation to the node you try to access.

This can be checked by typing telnet in a command prompt.

If telnet is not recognized as a command, then follow the steps:

  1. Right click on "My Computer" > Manage > features
  2. Click on "Add Features"
  3. Select "Telnet Client"
  4. Press Install button

It will take some time to install.

Once it is installed, you can do the same telnet from your workstation's command prompt to the chef node:

telnet <ip_address> 5985 //5985 is the port you want to do telnet.
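
The port check from the last answer, tied to the "actively refused" error in the question, as an added example that is not part of the original answers: a Ruby script (knife itself runs on Ruby) that probes both WinRM ports from the workstation and tells a refused connection apart from a filtered one. The function names and the advice wording are illustrative assumptions.

```ruby
require 'socket'

# WinRM listener ports: 5985 carries HTTP, 5986 carries HTTPS.
WINRM_PORTS = { 'HTTP' => 5985, 'HTTPS' => 5986 }.freeze

# Try one TCP connection and classify the outcome.
def probe(host, port, timeout = 3)
  Socket.tcp(host, port, connect_timeout: timeout) { :open }
rescue Errno::ECONNREFUSED
  :refused     # host answered, nothing listening ("actively refused")
rescue Errno::ETIMEDOUT, Errno::EHOSTUNREACH, Errno::ENETUNREACH
  :filtered    # no answer: firewall, wrong address or host down
rescue SocketError
  :unresolved  # host name did not resolve
rescue SystemCallError
  :error       # any other OS-level failure
end

# Probe both WinRM ports, e.g. { 'HTTP' => :refused, 'HTTPS' => :open }.
def winrm_report(host, timeout = 3)
  WINRM_PORTS.transform_values { |port| probe(host, port, timeout) }
end

# Turn a report into the next thing to check (wording is illustrative).
def advice(report)
  if report['HTTPS'] == :open
    'HTTPS listener reachable: bootstrap over the encrypted transport.'
  elsif report['HTTP'] == :open
    'Only HTTP answers: with AllowUnencrypted and Basic auth enabled, ' \
      'the password crosses the network in clear text.'
  elsif report.values.all?(:refused)
    'Node reachable but WinRM is not listening: run ' \
      '"winrm enumerate winrm/config/listener" on the node.'
  else
    'No usable answer: check the IP address and firewall rules ' \
      'for ports 5985 and 5986.'
  end
end

if __FILE__ == $PROGRAM_NAME
  host = ARGV[0] || '127.0.0.1' # defaults to loopback when no node is given
  report = winrm_report(host)
  report.each { |transport, state| puts "#{transport.ljust(5)} #{state}" }
  puts advice(report)
end
```

Run it from the workstation with the node's address as the only argument; no Telnet Client feature is needed.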
Licensed under: CC-BY-SA with attribution