@fbacker
Last active June 29, 2017 07:21
WinRM ConnectTimeoutError when using AWS

Issue

knife winrm ConnectTimeoutError when using AWS (Chef Automate) and EC2

Workstation: MacOS 10.12.4
chef Development Kit Version: 1.5.0
chef-client version: 12.21.2
delivery version: master (17c1b0fed9be4c70f69091a6d21a4cbf0df60a23)
berks version: 5.6.4
kitchen version: 1.16.0
inspec version: 1.25.1

What I use

I've created a new Chef Automate (OpsWorks). I've created a cookbook and uploaded it to the server. Started a new EC2 Windows 2012 R2. Remote access to EC2 and allow Firewall. The EC2 instance is in my private subnet.

So now I add the EC2 as a node. This works great. It appears in the Chef Automate portal.

knife bootstrap windows winrm 172.31.x.yyy --winrm-user Administrator --winrm-password 'mysecret' --node-name test-windows-1 --run-list 'role[web]'

However, now I manually try to make an update:

knife winrm 'role:web' chef-client --winrm-user Administrator --winrm-password 'mysecret' --attribute cloud.public_hostname
ERROR: HTTPClient::ConnectTimeoutError: execution expired

also tried with

knife winrm 'name:test-windows-1' chef-client --winrm-user Administrator --winrm-password 'mysecret' --attribute cloud.public_hostname
ERROR: HTTPClient::ConnectTimeoutError: execution expired

Looking at the ec2 instance I can't see any new tags or other stuff. Don't know if cloud.public_hostname should be added as a tag?

fbacker commented Jun 29, 2017

We have VPN for AWS, third party hosting and the office.
We always use VPN to the office before accessing any servers. That's making everything 'private ip' when working.
Also, the AWS and custom hosting talk internally, so Chef Automate uses private IPs (not all servers are public-facing).

Here are my findings :)

Suggestion 1:

$ knife winrm 'role:web' chef-client --winrm-user Administrator --winrm-password 'mysecret'
ERROR: Network Error: getaddrinfo: nodename nor servname provided, or not known (WIN-OOL5EK0FIOF:5985)
Check your knife configuration and network settings

Suggestion 2:

$ knife winrm 'role:web' chef-client --winrm-user Administrator --winrm-password 'mysecret' --attribute 172.31.3.96
FATAL: 2 nodes found, but does not have the required attribute (172.31.3.96) to establish the connection. Try setting another attribute to open the connection using --attribute.

$ knife winrm 'name:test-windows-2' chef-client --winrm-user Administrator --winrm-password 'mysecret' --attribute 172.31.3.96
FATAL: 1 node found, but does not have the required attribute (172.31.3.96) to establish the connection. Try setting another attribute to open the connection using --attribute.

Suggestion 3: Works

$ knife winrm 172.31.3.96 chef-client --winrm-user Administrator --winrm-password 'mysecret' --manual-list
172.31.3.96 [2017-06-29T06:48:45+00:00] INFO: *** Chef 12.21.1 ***
172.31.3.96 [2017-06-29T06:48:45+00:00] INFO: Platform: x64-mingw32

Suggestion 4:

Node not updated, skipping node save
Would be better to be able to use private_hostname maybe if these features are looked into.
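
An added example, not part of the original gist and not knife's own code: a small Ruby model of resolving a dotted `--attribute` name against node data, run on constructed nodes. It shows why an IP address passed as the attribute name matches nothing (Suggestion 2) and which attribute yields a private address that is reachable over the VPN. The node data and the helper names (`dig_attribute`, `connection_target`, `report`) are assumptions.

```ruby
require 'ipaddr'

# Constructed sample node data (not taken from the gist's Chef server).
NODES = {
  'test-windows-1' => {
    'fqdn' => 'WIN-EXAMPLE0001',
    'ipaddress' => '172.31.0.10',
    'cloud' => { 'public_hostname' => 'ec2-host.example.invalid' }
  },
  'test-windows-2' => {
    'fqdn' => 'WIN-EXAMPLE0002',
    'ipaddress' => '172.31.0.11',
    'cloud' => {} # no public hostname recorded for this node
  }
}.freeze

# RFC 1918 ranges: addresses only reachable from inside the VPC or over the VPN.
PRIVATE_NETS = %w[10.0.0.0/8 172.16.0.0/12 192.168.0.0/16]
               .map { |cidr| IPAddr.new(cidr) }.freeze

# Walk a dotted attribute name through nested hashes; nil when any level is absent.
def dig_attribute(node, name)
  name.split('.').reduce(node) { |level, key| level.is_a?(Hash) ? level[key] : nil }
end

# True only for a literal IPv4 address inside a private range; hostnames are false.
def private_ip?(value)
  ip = IPAddr.new(value)
  PRIVATE_NETS.any? { |net| net.include?(ip) }
rescue IPAddr::Error
  false
end

# Classify what an attribute name would hand to the connection step for one node.
def connection_target(node, attribute)
  value = dig_attribute(node, attribute)
  return [:missing, nil] unless value.is_a?(String) && !value.empty?
  return [:private_ip, value] if private_ip?(value)
  [:name_or_public, value] # needs DNS resolution or a public route
end

def report(nodes, attribute)
  nodes.map { |name, data| [name, connection_target(data, attribute)] }.to_h
end

if __FILE__ == $PROGRAM_NAME
  %w[fqdn cloud.public_hostname 172.31.3.96 ipaddress].each do |attr|
    puts "--attribute #{attr}: #{report(NODES, attr).inspect}"
  end
end
```

On a real node, `knife node show test-windows-1 -a ipaddress` prints the value stored for that attribute, which can be compared against the address that worked with `--manual-list`.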
