Last active
April 19, 2018 14:17
-
-
Save kwilczynski/632e7eeeb9a6d909ef95 to your computer and use it in GitHub Desktop.
Windows, Chef and the WinRM Troubles
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Microsoft Azure images: | |
| 1) Make sure that WinRM is allowed and prots are open (Azure allows remote connectvity) | |
| 2) On stock images, you might need to allow WinRM on the "Public" network (by default only local network allowa it in) | |
| 3) When doing a bootstrap from Windows to remote Windows node, make sure that you have latest version of knife-windows | |
| and latest version of winrm-s Ruby gems (and that your Basic and AllowUnencrypted options for WinRM are switched off) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # To get password for Windows privileged user on Amazon EC2: | |
| aws ec2 get-password-data --instance-id <ID> --region eu-west-1 --priv-launch-key ~/.ssh/id_rsa | |
| # Linux and/or Unix clients: | |
| knife bootstrap windows winrm <HOST NAME> -x <USER NAME> -P <PASSWORD> | |
| # Windows clients (most likely): | |
| ## Note: <DOMAIN> can also be replaced with a single dot "." - in such case it means *this* computer. | |
| knife bootstrap windows winrm <HOST NAME> -x <DOMAIN>\<USER NAME> -P <PASSWORD> | |
| knife winrm <HOST NAME> 'chef-client -o test-win -l debug' -x <USER NAME> -P <PASSWORD> -m |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| knife winrm <HOST NAME> 'hostname' -x <USER NAME> -P <PASSWORD> -m | |
| winrs -r:<HOST NAME> -u:Administrator -p:<PASSWORD> hostname |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ls -r wsman:\localhost\service | |
| ls -r wsman:\localhost\service | format-table -property Name, Value,SourceOfValue |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 1) C:\opscode\chef\embedded\bin\gem uninstall -a knife-windows | |
| 2a) C:\opscode\chef\embedded\bin\gem install --no-ri --no-rdoc knife-windows -v 0.8.0 | |
| 2b) C:\opscode\chef\embedded\bin\gem install --no-ri --no-rdoc knife-windows -v 0.8.2 | |
| # Note: 0.8.2 is preferred. | |
| OR | |
| 2c) C:\opscode\chef\embedded\bin\gem install --no-ri --no-rdoc knife-windows --pre |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| https://github.com/opscode/knife-windows/issues/89 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Improve JSON parsing performance on Windows (pre Chef client 12): | |
| 1a) C:\opscode\chef\embedded\bin\gem uninstall -a ffi-yajl | |
| 1b) C:\opscode\chef\embedded\bin\gem uninstall -a libyajl2 | |
| 2) C:\opscode\chef\embedded\bin\gem install --no-rdoc --no-ri ffi-yajl libyajl2 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Allow for domain-based authentication to work with knife winrm: | |
| gem install winrm-s --pre | |
| gem uninstall winrm-s --version '= 0.2.0' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| https://www.getchef.com/blog/2014/11/04/the-chefdk-on-windows-survival-guide/ | |
| https://github.com/opscode/chef-dk/issues/186 | |
| # Powershell ChefDK environment settings a'la chef shell-init: | |
| https://gist.github.com/bdwyertech/4e21f83ac637e0d94e88 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| https://github.com/opscode/knife-windows/issues/96 | |
| https://github.com/opscode/knife-windows/issues/108 | |
| https://github.com/opscode/knife-windows/pull/109 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # On the remote node/server: | |
| winrm quickconfig -q | |
| winrm set winrm/config/winrs '@{MaxMemoryPerShellMB="300"}' | |
| winrm set winrm/config '@{MaxTimeoutms="1800000"}' | |
| # When NOT USING a domain-based authentication (i.e., from Linux/Unix to Windows node): | |
| winrm set winrm/config/service/auth '@{Basic="true"}' | |
| winrm set winrm/config/service '@{AllowUnencrypted="true"}' | |
| # When USING a domain-based authentication (i.e., from Windows (workstation) to Windows node): | |
| ## On the remote server/node: | |
| winrm set winrm/config/service/auth '@{Basic="false"}' | |
| winrm set winrm/config/service '@{AllowUnencrypted="false"}' | |
| ## On the client node/workstation: | |
| winrm set winrm/config/client/auth '@{Basic="false"}' | |
| winrm set winrm/config/client '@{AllowUnencrypted="false"}' | |
| # Display current configuration: | |
| winrm enumerate winrm/config/listener | |
| # If needed: | |
| winrm create winrm/config/Listener?Address=*+Transport=HTTP '@{Port="5985"}' | |
| winrm create winrm/config/Listener?Address=*+Transport=HTTPS '@{Port="5986"}' | |
| # Enable and start WinRM service: | |
| sc stop WinRM | |
| sc config WinRM start= auto | |
| sc start WinRM | |
| # If needed: | |
| winrm set winrm/config/client '@{TrustedHosts="<HOST1>,<HOST2>,..."}' | |
| # Test: | |
| winrm identify -r:http://<HOST NAME>:5985 -auth:basic -u:<USER NAME> -p:<PASSWORD> -encoding:utf-8 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $Computer = '<HOST NAME>' | |
| $Credential = Get-Credential | |
| Test-WSMan $Computer | |
| if (-not (get-item WSMan:\localhost\Client\Auth\Basic)) | |
| { | |
| Set-item WSMan:\localhost\Client\Auth\Basic -Value $true | |
| } | |
| Test-WSMan $Computer -Authentication Basic -Credential $Credential |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment