Configuration Management for Windows

Are there any tools for windows like that *nix world has? I am looking for something like Chef or Puppet.

I have found cfEngine but it still looks very *nix centric. Ideally it would be open source, and command line driven.

The idea is to put together an automated infrastructure with windows based servers. Our current IT department does not allow non-windows servers.

Chef is supported on Windows by Opscode. While we don't run Windows for any of our infrastructure, we do have developers who are continually improving our Windows support. We also get community contributions, and most of the early phase Windows functionality for Chef was contributed by the community.

Important: Opscode now provides an MSI installer for Chef on Windows. This makes it easier than ever to get Chef and Ruby installed on Windows.

While we have a lot of Unix/Linux background across our teams, our intention is that Windows is treated as a first class citizen. 2012 will be a big year for Chef and Windows. Keep an eye on the Opscode blog for announcements.

The following Chef Resources work on Windows:

Environment Resource: sets windows environment variables
User
Group
Mount
File
Gem Package
Remote File
Cookbook File
Template
Service
Ruby Block
Execute

That is, these are resources included in Chef itself. As Chef is extensible with cookbooks, many more resources are added through a variety of Windows specific cookbooks. Read on for more information.

You can get started with using Chef and Windows here:

• http://wiki.opscode.com/display/chef/Fast+Start+Guide+for+Windows

Originally, Doug MacEchern wrote some cookbooks to do a number of things to automate windows, too.

• https://github.com/dougm/site-cookbooks/tree/master/windows

This information and more available on the Chef Wiki:

• http://wiki.opscode.com/display/chef/Installation+on+Windows

Update

The following cookbook adds new resources to Chef to manage Windows:

• http://community.opscode.com/cookbooks/windows

It is an update/rewrite of Doug's fine resources from his repository linked above. Documentation is available on the Chef Wiki.

The following cookbook deploys PowerShell and provides a resource to run PowerShell commands/scripts directly in Chef Recipes:

• http://community.opscode.com/cookbooks/powershell

Documentation is available in the README.md included in the cookbook tarball.

Additional cookbooks for installing 7-zip, managing IIS and SQL Server have been added. Our "database" cookbook has been extended with a resource/provider for managing SQL Server databases and users (with the tds rubygem).

The knife-windows plugin for knife adds functionality for interacting with Windows systems to provision them with Chef installation.

Update: We have now added File ACL support for Windows to Chef, for all the usual file/directory suspects.

Cfengine Nova has had stable native support for Windows for years (i.e. no Cygwin is needed).

Everything that is possible on Unix (e.g. run commands, file copy, file edit, etc.) can also be done on Windows, with addition to Windows-specific features like

• Registry management
• File ACL permissions
• Windows service management
• Event log support
• Advanced OS discovery (version, arch, service pack, network, domain, etc.)

For a short introduction, look in Section 11 of the Nova supplement manual: http://cfengine.com/files/Nova_Supplement.pdf

I have been looking for exactly the same thing.

I ran across Windows PowerShell Desired State Configuration which purports to do many of the CM tasks you'd want to do with Chef/Puppet.

I am not going to give any opinion on it because I am still early in evaluating it - but if you're still looking for something, give this a shot.

Having had a deal of experience here i think that it really depends what you need to manage on a given box. Find your most common use case and ask a more specific question in terms of: whats the best tool for managing that. Things like IIS can be tricky (on older windows builds at least) and finding modules for CM tools to manage things like IIS settings and app pools can be hit and miss - especially when it comes to advanced settings (worker thready recycling springs to mind)

However Puppet has forge modules for more basic IIS settings which largely worked for me - and i really like the declarative format here - especially if you are managing large numbers of IIS servers

Also one of the major issues with Windows and configuration management is the lack of a proper package management solution - what actually comes in really handy here is something called Chocolatey (see http://chocolatey.org/) there is a plugin to use this as a provider in puppet - making the whole management process particularly easy. However i imagine that this can be integrated with other CM tools aswell - but does a great deal to help with installing software automatically in a windows environment

Though it is worth stating that whatever you end up using you will have to spend a while figuring out some odd bugs - windows and scripting/automation is not the best.

Based on my experience, I am glad to use such toolset:

1. Use powershell to manage the windows configuration. If only windows server, you can remotely execute the ps script.

2. If you like, suggest to use Puppet or Chef to distribute your powershell script into client.

3. If you like, suggest to use cygwin + (windows sshd) + crond to manage the shell-likely scripts which run in windows.

I think its better if you can use Microsoft System Center.

It a solution from the Microsoft to manage Microsoft base products form desktops to servers and all. Should give a try ...

How to Deploy Applications in Configuration Manager

Deploying Software and Operating Systems in System Center 2012

I don't recommend Chef unless you are a software developer who knows ruby. Chef is designed for software developers who want to manage IT infrastructure. Not for SysOps people who are the ones that actually end up managing it. It tries to treat IT infrastructure like code which is counter intuitive to how it actually works which is more like just data.

Puppet is more friendly for SysOps people imho but still can be complicated.

The good news is that there are other options as well. Less so for windows but projects like Puppet do support it reasonably well.