How Can Puppet’s Logging Stay With a Manifest That Has a Long Duration On A Windows Server?

Problem scenario:  Some manifests kick off a non-Puppet script that has a long duration.  By default the manifest will time out after 300 seconds.  That means the manifest will not run properly if it cannot complete in five minutes.  How do you run long-duration manifests?

Solution (Part 1 of 2):  Use the timeout => directive.  For example in the Puppet manifest, have a stanza like this:

...
timeout => 1200,
...

This sets the timeout to be 1,200 seconds.  For Linux Puppet Agents, this is all you need.  For Windows Puppet Agents, a second part is needed for the solution.

Solution (Part 2 of 2):  The following does not apply for Linux Puppet Agents (just Windows).  Puppet may initiate a PowerShell script (or batch script) but then Puppet itself quits logging/monitoring.  Besides not having logging throughout the scripts' run-time duration, you cannot monitor the process or even debug where it fails (assuming it does not run smoothly).  What is worse is that by default the manifest will time out after 300 seconds.  

For PowerShell scripts, have the command invoke start-process with the "-wait -NoNewWindow" flags.  For example,

...
command => 'c:\windows\system32\WindowsPowerShell\v1.0\powershell.exe start-process c:\windows\system32\WindowsPowerShell\v1.0\powershell.exe c:\temp\contint.ps1 -Wait -NoNewWindow',
require => File['c:\temp\contint.ps1'],
timeout => 1200,
...

Timeouts of 3600 or higher are acceptable.  The above command stanza does not need a "provider" designation because the absolute path to powershell.exe is in the command.

If a PowerShell script starts a Scheduled Task, the rest of the script will be evaluated.  Ordinarily the PowerShell execution does not pause to wait for the Scheduled Task to complete, and the rest of the script continues to run.  To ensure that the execution is controlled serially and strictly for Puppet to log accurately and synchronously the activity of the script, you can do something like this:

command => start-process (c:\windows\system32\schtasks.exe /run /tn 'NameOfST") -wait -nonewwindow
provider => powershell,

Having a Scheduled Task run another process has its advantages because remoting into a server does not provide a full interactive desktop environment.  (See this link for more information.)  You may want to delete the Scheduled Task if it is a one-time operation.  Then the Scheduled Tasks stay clean for future administration of the server.

Leave a comment

Your email address will not be published. Required fields are marked *