Published on 13 October 2016 by

At Puppet, we’ve been working on a supported Chocolatey module that will provide more support and stability than what you may find in the approved Chocolatey module. The current plan is that the Puppet Approved chocolatey/chocolatey module will continue to exist in parallel with the Puppet Supported module, but may move at a more rapid release rate and have less stability. The Chocolatey team has worked with Puppet to create the Puppet Supported module for customers who need both stability and support from Puppet for the Chocolatey provider.

There have been some major improvements with the Chocolatey module. Most notable is complete control over your Chocolatey configuration with Puppet.

The Puppet Chocolatey provider now has chocolateyconfg, chocolateyfeature, and chocolateysource custom resource types. These types work during the same run where you ensure Chocolatey is installed. We think you are going to love the ability to lock down your configuration immediately to use your internal sources and set other features, really setting up Chocolatey to your custom sweet tooth!

Let’s see how we use Puppet to disable the default community repository and add our own source:

    chocolateysource {'chocolatey':
      ensure   => disabled,
    }

    chocolateysource {'internal_chocolatey':
      ensure   => present,
      location => 'http://internal/server',
      priority => 1,
    }

We've disabled the default community repository and set the priority of our internal server (internal_chocolatey above) to 1, which is the highest priority. If we configure any additional sources later at a lower priority or no priority (0), then Chocolatey will search this source for packages prior to any other source. To learn more about sources, see Source Command and How To Host Your Own Package Server. You can also read Chocolatey: Hosting your own server.

Set configuration

Now let’s set some configuration and options.

    chocolateyfeature {'checksumFiles':
      ensure => enabled,
    }

    #not suggested for external use
    chocolateyfeature {'allowEmptyChecksums':
      ensure => enabled,
    }

    chocolateyfeature {'useFipsCompliantChecksums':
      ensure => enabled,
    }

    chocolateyconfig {'cacheLocation':
      value  => 'c:\ProgramData\choco-cache',
    }

    chocolateyconfig {'commandExecutionTimeoutSeconds':
      value  => '2700',
    }

To see the full list of items you can use with chocolateyconfig, try running choco config list or puppet resource chocolateyconfig. For features, use choco feature list or puppet resource chocolateyfeature.

Mix In business edition for major sweetness

Most people start with the open source version of Chocolatey. Typically organizations that are serious about Chocolatey integrate with the business edition to take advantage of Package Builder, Package Internalizer, Package Synchronizer, etc. Let’s say we have Chocolatey for Business and we want to keep everything internal, including the updates to the licensed edition extension package.

We'll need to download the latest version of the licensed edition and put it on our internal server. Let's run the following commands:

  • choco download chocolatey.extension -u customer -p <licenseIdGuidFromLicenseFile> -s "'https://licensedpackages.chocolatey.org/api/v2;https://chocolatey.org/api/v2'"
  • choco push chocolatey.extension.1.7.0.nupkg -s http://internal/server

Now once we have the licensed extension on our internal package server, we'll need to do the following:

file { ['C:/ProgramData/chocolatey','C:/ProgramData/chocolatey/license']:
  ensure => directory,
} 

file {'C:/ProgramData/chocolatey/license/chocolatey.license.xml':
  ensure             => file,
  source             => 'puppet:///modules/internal/chocolatey.license.xml',
  source_permissions => ignore,
}

chocolateysource {'chocolatey.licensed':
  ensure   => disabled,
  require  => File['C:/ProgramData/chocolatey/license/chocolatey.license.xml'],
}

package { 'chocolatey.extension':
  ensure   => latest,
  provider => chocolatey,
  source   => 'internal_chocolatey',
}

This sets our license file from a module named internal, then disables the licensed source and instead installs the licensed extension from our internal source.

Put it all together

Let’s see what a complete solution for Chocolatey looks like, including setting up an internal package repository to host packages on.

case $operatingsystem {
  'windows':    {
    Package {
      provider => chocolatey,
    }
  }
}

# ensure Chocolatey is installed - host the package internally
class {'chocolatey':
  chocolatey_download_url         => 'https://internalurl/to/chocolatey.nupkg',
  use_7zip                        => false,
  choco_install_timeout_seconds   => 2700,
}

# ensure installation of the Chocolatey Simple Server package repository
# NOTE: requires version that doesn't have a dependency on the approved chocolatey/chocolatey module
class {'chocolatey_server':
  server_package_source => 'https://internalurl/odata/server',
}

file { ['C:/ProgramData/chocolatey','C:/ProgramData/chocolatey/license']:
  ensure => directory,
} 

file {'C:/ProgramData/chocolatey/license/chocolatey.license.xml':
  ensure             => file,
  source             => 'puppet:///modules/internal/chocolatey.license.xml',
  source_permissions => ignore,
}

# configure sources
chocolateysource {'chocolatey':
  ensure   => disabled,
}

chocolateysource {'internal_chocolatey':
  ensure   => present,
  location => 'http://internal/server',
  user     => 'chocolateyRocks',
  password => 'superS3cr#t!',
  priority => 1,
}

chocolateysource {'chocolatey.licensed':
  ensure   => disabled,
  require  => File['C:/ProgramData/chocolatey/license/chocolatey.license.xml'],
}

package { 'chocolatey.extension':
  ensure   => latest,
  source   => 'internal_chocolatey',
}

# set features appropriately
chocolateyfeature {'checksumFiles':
  ensure => enabled,
}

#not suggested for external use
chocolateyfeature {'allowEmptyChecksums':
  ensure => enabled,
}

chocolateyfeature {'useFipsCompliantChecksums':
  ensure => enabled,
}

# configuration
chocolateyconfig {'cacheLocation':
  value  => 'c:\ProgramData\choco-cache',
}

chocolateyconfig {'commandExecutionTimeoutSeconds':
  value  => '2700',
}


# Additional setup - requires Business edition
# https://chocolatey.org/docs/features-automatically-recompile-packages 
chocolateyfeature {'internalizeAppendUseOriginalLocation':
  ensure => enabled,
  require => Package['chocolatey.extension'],
}

# https://chocolatey.org/docs/features-synchronize 
chocolateyfeature {'allowSynchronization':
  ensure => enabled,
  require => Package['chocolatey.extension'],
}

# https://chocolatey.org/docs/features-virus-check
chocolateyfeature {'virusCheck':
  ensure => enabled,
  require => Package['chocolatey.extension'],
}

chocolateyconfig {'virusScannerType':
  value  => 'Generic',
  require => Package['chocolatey.extension'],
}

chocolateyconfig {'genericVirusScannerPath':
  value  => 'C:\antivirus\virusscanner.exe',
  require => Package['chocolatey.extension'],
}

chocolateyconfig {'genericVirusScannerArgs':
  value  => '[[File]]',
  require => Package['chocolatey.extension'],
}

chocolateyconfig {'genericVirusScannerValidExitCodes':
  value  => '0',
  require => Package['chocolatey.extension'],
}

# ensure installation of some packages
package {'git':
  ensure => latest,
}

package {'notepadplusplus':
  ensure => installed,
}

package {'sqlserver':
  ensure => '2014.1',
}

We've set up an entire infrastructure, and installed some software to boot.

Give it a shot!

We are excited about the supported Chocolatey module release, and believe you will be as well. From controlling your entire Chocolatey configuration to complete control over your software management infrastructure, you won't know how you managed software on Windows before Puppet and Chocolatey!

Rob is a senior software engineer at Puppet.

Learn more

Share via:
Posted in:
Tagged:
The content of this field is kept private and will not be shown publicly.

Restricted HTML

  • Allowed HTML tags: <a href hreflang> <em> <strong> <cite> <blockquote cite> <code> <ul type> <ol start type> <li> <dl> <dt> <dd> <h2 id> <h3 id> <h4 id> <h5 id> <h6 id>
  • Lines and paragraphs break automatically.
  • Web page addresses and email addresses turn into links automatically.