This article (https://controlaltfail.wordpress.com/2017/11/23/ansible-and-chocolatey-with-windows-fileshare-repository/) proved to be a big help. I don’t want to take anything away from it, but would like to add my own notes. It was a huge help in getting this working.
Working with a client in a Windows 10 and System Center Configuration Manager (SCCM) environment, but trying to modernize how desktop images get built and deployed for a virtual desktop infrastructure (VDI). They are not going to deviate away from using SCCM, so we are trying to create an environment where the two can co-exist. Unfortunately, Chocolatey’s documentation is hard to follow and (in my opinion) not quite mature enough for the masses. I have confidence they will get there in the future and also realize that this use case is very specific and unlikely needed in the majority of environments.
In an attempt to install application packages using a Windows File and Folder source for Chocolatey packages, my colleague and I ran into issues with how the folder share was being accessed. It was successful 100% of the time by running choco install vscode from an elevated PowerShell.
So that looked good, it was assumed that it would also work in an Ansible Playbook. The playbook is very simple.
---
- hosts: all
tasks:
- name: Install Microsoft Visual Studio Code
win_chocolatey:
name: vscode
state: latest
...
I’ll save you from zooming in and hurting your eyes. The part that catches my eyes is, “The package was not found with the source(s) listed.” Well, that’s odd because it just worked when I was on the machine. So I added another line to add an explicit source (not shown), added other lines to authenticate the source (not shown), and even added another task to add another source (not shown). Every time the playbook ran, this error displayed. So it is not the Chocolatey source.
Let me take a step back here. I forgot to mention that I originally had my .nupkg files stored on a CIFS share from my Synology NAS, not on a Windows folder share. I ended up creating a Windows File and Folder share as a troubleshooting step later.
And we’re back…I double checked my Windows share, it was shared out, the file was present, the source was accurate and visible to Chocolatey as was apparent by the test install directly on the machine. It had to be something else. My colleague ended up finding the article I posted in the top of this post. Sure enough, it worked.
How to fix it
On the folder that is being shared out, add ANONYMOUS LOGIN to the Share Permissions. Ensure the Read checkbox is checked under allow.
On the Security tab, add the ANONYMOUS LOGIN group and set the permissions to List folder contents and Read.
Lastly, open secpol.msc and add the shared folder to the Network access: Shares that can be accessed anonymous. If you look in the snip below, you can see that I have added the Chocolatey share. The setting is not well documented (without going to Internet) so I was unsure if I was supposed to use the UNC path, the explicit location, or just the name. I opted to add just the name and it worked. Mileage may very, but was not tested.
Went back to my Ansible control node and ran another test and was pleased to see that this was resolved.
I thought that was an awful lot of work and feel like I lowered security in my system just to make this work, though. There has to be a better way, but unfortunately, at this time, I am unsure of such. Please reach out to me or comment if you know how to make this work without all the leg work. Like I mentioned above, this is going to probably be an unlikely case because most Chocolatey users will be able to use a robust server or even the simple server solution.