The c:\watchmaker\logs\watchmaker.log Log-File

This file tracks the top-level execution of the watchmaker configuration-utility. This file should always exist. The primary reasons that it may not exist are:

• The provisioning-administrator has checked for the log before the watchmaker-utility has been downloaded and an execution-attempted. This typically happens if a watchmaker-execution is attempted late in a complex provisioning-process

• An execution-attempt wholly failed. In this case, check the logs for the watchmaker-calling service or process.

• The provisioning-administrator has not invoked watchmaker in accordance with the watchmaker project’s usage-guidance: if a different logging-location was specified (e.g., by adding a flag/argument like --log-dir=C:\TEMP\watchmaker), the provisioning-administrator would need to check the alternately-specified logging-location.

• The provisioning-administrator invoked the watchmaker-managed content directly (e.g., using salt-call -c c:\watchmaker\salt\conf state.highstate). In this scenario, only the content-execution may have been logged (whether logging was captured and where would depend on how the direct-execution was requested).

Location Note

The cited-location of the main watchmaker-execution’s log-file is predicated on the assumption that watchmaker has been executed per the Usage-guidance for Windows:

<powershell>
$BootstrapUrl = "https://watchmaker.cloudarmor.io/releases/latest/watchmaker-bootstrap.ps1"
$PythonUrl = "https://www.python.org/ftp/python/3.10.11/python-3.10.11-amd64.exe"
$PypiUrl = "https://pypi.org/simple"

# Use TLS 1.2+
[Net.ServicePointManager]::SecurityProtocol = "Tls12, Tls13"

# Download bootstrap file
$BootstrapFile = "${Env:Temp}\$(${BootstrapUrl}.split('/')[-1])"
(New-Object System.Net.WebClient).DownloadFile("$BootstrapUrl", "$BootstrapFile")

# Install python
& "$BootstrapFile" -PythonUrl "$PythonUrl" -Verbose -ErrorAction Stop

# Install Watchmaker
python -m pip install --index-url="$PypiUrl" --upgrade pip setuptools
python -m pip install --index-url="$PypiUrl" --upgrade watchmaker

# Run Watchmaker
watchmaker --log-level debug --log-dir=C:\Watchmaker\Logs
</powershell>

The value of the --log-dir parameter sets the directory-location where watchmaker will create its log-files, including the watchmaker.log file. If a different value is set for the --log-dir parameter, the log-file will be created in that directory-location, instead.

Typical Errors

• Bad specification of remotely-hosted configuration file. This will typically come with an HTTP 404 error similar to:

  botocore.exceptions.ClientError: An error occurred (404) when calling the HeadObject operation: Not Found
  

  Ensure that the requested URI for the remotely-hosted configuration file is valid.

• Attempt to use a protected, remotely-hosted configuration-file. This will typically come win an HTTP 403 error. Most typically, this happens when the requested configuration-file exists on a protected network share and the requesting-process doesn’t have permission to access it.

  botocore.exceptions.ClientError: An error occurred (403) when calling the HeadObject operation: Forbidden
  

  Ensure that watchmaker has adequate permissions to access the requested, remotely-hosted configuration file.

• Remotely-hosted configuration file is specified as an s3:// URI without installation of boto3 Python module. This will typically come with an error similar to:

  2023-06-22 14:26:59,192 [backoff][INFO ][4908]: Backing off urlopen_retry(...) for 0.6s (urllib.error.URLError: <urlopen error unknown url type: s3>)
  2023-06-22 14:26:59,803 [backoff][ERROR][4908]: Giving up urlopen_retry(...) after 5 tries (urllib.error.URLError: <urlopen error unknown url type: s3>)
  2023-06-22 14:26:59,803 [watchmaker.config][CRITICAL][4908]: Could not read config file from the provided value "s3://<BUKKIT>/<PREFIX>/config.yaml"! Check that the config is available.
  

  Ensure that the boto3 Python module has been installed prior to attempting to execute watchmaker

Alternate Logs

As noted above, this logfile may not exist if execution of watchmaker has wholly failed. If the execution was attempted via automated-startup methods but there is no watchmaker logfile, it will be necessary to check the CSP provider-logs. On AWS, the logs to check (per the vendor documentation) will be:

• If using (legacy) EC2Launch, the log-file to search will be C:\ProgramData\Amazon\EC2-Windows\Launch\Log\UserdataExecution.log

• If using EC2Launch v2, the log-file to search will be C:\ProgramData\Amazon\EC2Launch\log\agent.log