Cannot bootstrap a win2012 r2 or win2008 r2 on AWS

I am using an Ubuntu 12.04 with the below:

± |master ?:11 ✗| → chef --version
Chef Development Kit Version: 0.10.0
chef-client version: 12.5.1
berks version: 4.0.1
kitchen version: 1.4.2

2016-01-16 13:28:19 ☆ okram in ~/workspace/demo-app
± |master ?:11 ✗| → gem list winrm

*** LOCAL GEMS ***

winrm (1.5.0, 1.3.4)
winrm-s (0.3.4, 0.3.2, 0.3.1)
winrm-transport (1.0.2)

I cannot bootstrap any Windows nodes on AWS. Below is the console log. I have tried with the ADDRESS as .<name> but that doesn't work either. The security group was fully exposed just to make sure that nothing is blocked.

± |master ?:11 ✗| → knife bootstrap windows winrm ec2-54-201-98-235.us-west-2.compute.amazonaws.com --winrm-user Administrator --winrm-password 'XXXXXX' --node-name node3
WARNING: You are using '--winrm-authentication-protocol negotiate' with
'--winrm-transport plaintext' on a non-Windows system which results in
unencrypted traffic. To avoid this warning and secure communication,
use '--winrm-transport ssl' instead of the plaintext transport,
or execute this command from a Windows system which enables encrypted
communication over plaintext with the negotiate authentication protocol.
Doing old-style registration with the validation key at /home/okram/.chef/awesome-test1-validator.pem…
Delete your validation key in order to use your user credentials instead

Waiting for remote response before bootstrap.ERROR: Failed to authenticate to ec2-54-201-98-235.us-west-2.compute.amazonaws.com as Administrator
Response: WinRM::WinRMAuthorizationError
Hint: Make sure to prefix domain usernames with the correct domain name.
Hint: Local user names should be prefixed with computer name or IP address.
EXAMPLE: my_domain\user_namer
…ERROR: Failed to authenticate to ec2-54-201-98-235.us-west-2.compute.amazonaws.com as Administrator
Response: WinRM::WinRMAuthorizationError
Hint: Make sure to prefix domain usernames with the correct domain name.
Hint: Local user names should be prefixed with computer name or IP address.
EXAMPLE: my_domain\user_namer
…ERROR: Failed to authenticate to ec2-54-201-98-235.us-west-2.compute.amazonaws.com as Administrator
Response: WinRM::WinRMAuthorizationError
Hint: Make sure to prefix domain usernames with the correct domain name.
Hint: Local user names should be prefixed with computer name or IP address.
EXAMPLE: my_domain\user_namer
…ERROR: Failed to authenticate to ec2-54-201-98-235.us-west-2.compute.amazonaws.com as Administrator
Response: WinRM::WinRMAuthorizationError
Hint: Make sure to prefix domain usernames with the correct domain name.
Hint: Local user names should be prefixed with computer name or IP address.
EXAMPLE: my_domain\user_namer
…ERROR: Failed to authenticate to ec2-54-201-98-235.us-west-2.compute.amazonaws.com as Administrator
Response: WinRM::WinRMAuthorizationError
Hint: Make sure to prefix domain usernames with the correct domain name.
Hint: Local user names should be prefixed with computer name or IP address.
EXAMPLE: my_domain\user_namer
.^Z
[7]+ Stopped knife bootstrap windows winrm ec2-54-201-98-235.us-west-2.compute.amazonaws.com --winrm-user Administrator --winrm-password 'XXXX' --node-name node3

If you are trying to authenticate to a windows machine via winrm from a linux machine, it uses unencrypted communication. This means that the node needs to be configured to accept unencrypted traffic. You can do that by running the following on the node:

winrm set winrm/config/client/auth '@{Basic="true"}'
winrm set winrm/config/service/auth '@{Basic="true"}'
winrm set winrm/config/service '@{AllowUnencrypted="true"}'

The other, and much more secure, alternative is to set up WinRM over SSL.

Matt
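The SSL alternative mentioned above, as an added example (not from the thread or the Chef project): it creates an HTTPS listener with the WSMan provider, leaves AllowUnencrypted off and opens only 5986. It assumes an elevated PowerShell on the Windows node (2012 R2 / PowerShell 4), that a self-signed certificate is acceptable for a lab, and the rule name and PUBLIC-DNS-NAME-PLACEHOLDER are chosen here.

```powershell
# Added example, not from the thread: WinRM over HTTPS instead of AllowUnencrypted.
# Assumes an elevated PowerShell on the node (Server 2012 R2 / PowerShell 4).
# Replace the placeholder with the public DNS name knife will connect to.
$dnsNames = @($env:COMPUTERNAME, 'PUBLIC-DNS-NAME-PLACEHOLDER')

# 1. Self-signed server certificate in the machine store (lab use; a CA-issued cert is preferable).
$cert = New-SelfSignedCertificate -DnsName $dnsNames -CertStoreLocation 'Cert:\LocalMachine\My'

# 2. WinRM service running and set to start automatically.
Set-Service -Name WinRM -StartupType Automatic
Start-Service -Name WinRM

# 3. Replace any existing HTTPS listener with one bound to the new certificate.
Get-ChildItem -Path WSMan:\localhost\Listener |
    Where-Object { $_.Keys -contains 'Transport=HTTPS' } |
    ForEach-Object { Remove-Item -Path "WSMan:\localhost\Listener\$($_.Name)" -Recurse }
New-Item -Path WSMan:\localhost\Listener -Transport HTTPS -Address * `
    -CertificateThumbPrint $cert.Thumbprint -Force | Out-Null

# 4. Refuse unencrypted traffic; Basic credentials then only ever travel inside TLS.
Set-Item -Path WSMan:\localhost\Service\AllowUnencrypted -Value 'false'
Set-Item -Path WSMan:\localhost\Service\Auth\Basic -Value 'true'

# 5. Open only the HTTPS port in Windows Firewall (5985 stays closed).
New-NetFirewallRule -DisplayName 'WinRM HTTPS' -Direction Inbound -Protocol TCP `
    -LocalPort 5986 -Action Allow | Out-Null

# 6. Verify: an HTTPS listener exists, cleartext is off, and the port answers.
Get-ChildItem -Path WSMan:\localhost\Listener | Select-Object Name, Keys
Get-Item -Path WSMan:\localhost\Service\AllowUnencrypted | Select-Object Name, Value
Test-NetConnection -ComputerName localhost -Port 5986 | Select-Object RemotePort, TcpTestSucceeded
```

From the workstation, bootstrap with `--winrm-transport ssl --winrm-port 5986`; with a self-signed certificate the workstation must either trust it or relax verification (knife-windows 1.x `--winrm-ssl-verify-mode verify_none`, which trades away the server check and belongs in a lab only).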

The same happens from a Windows 8.1 workstation. Let me run the above commands on the Windows node and try again. Thanks.

ahh… i hate windows! or I know nothing on windows :frowning:

I have executed the commands:

Windows PowerShell
Copyright © 2012 Microsoft Corporation. All rights reserved.

PS C:\Users\Administrator> winrm set winrm/config/client/auth '@{Basic="true"}'
Auth
Basic = true
Digest = true
Kerberos = true
Negotiate = true
Certificate = true
CredSSP = false

PS C:\Users\Administrator> winrm set winrm/config/service/auth '@{Basic="true"}'
Auth
Basic = true
Kerberos = true
Negotiate = true
Certificate = false
CredSSP = false
CbtHardeningLevel = Relaxed

PS C:\Users\Administrator> winrm set winrm/config/service '@{AllowUnencrypted="true"}'
Service
RootSDDL = O:NSG:BAD:P(A;;GA;;;BA)(A;;GR;;;IU)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)
MaxConcurrentOperations = 4294967295
MaxConcurrentOperationsPerUser = 1500
EnumerationTimeoutms = 240000
MaxConnections = 300
MaxPacketRetrievalTimeSeconds = 120
AllowUnencrypted = true
Auth
Basic = true
Kerberos = true
Negotiate = true
Certificate = false
CredSSP = false
CbtHardeningLevel = Relaxed
DefaultPorts
HTTP = 5985
HTTPS = 5986
IPv4Filter = *
IPv6Filter = *
EnableCompatibilityHttpListener = false
EnableCompatibilityHttpsListener = false
CertificateThumbprint
AllowRemoteAccess = true

Bounced the Windows Remote Management service and re-ran the bootstrap with no success!

PS C:\workspace\demo-app> knife bootstrap windows winrm 54.200.216.255 --winrm-user '.\administrator' --winrm-password 'XXXX' --node-name node3
WARNING: Unsupported version of httpclient. The supported major version of library is httpclient version 2.6. This code path monkey patches few methods in httpclient to support additional features. This could possibly work, but it is advised to extensively test your version. If you are aware of the impact of using 2.7.0, this warning can be disabled by setting USE_HTTPCLIENT_MAJOR to the major version 2.7.
Doing old-style registration with the validation key at C:/Users/niristotle.okram/.chef/awesome-test1-validator.pem…
Delete your validation key in order to use your user credentials instead

Waiting for remote response before bootstrap…ERROR: No response received from remote node after 2.52 minutes, giving up.
ERROR: Exception: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond. - connect(2) for "54.200.216.255" port 5985 (54.200.216.255:5985)
ERROR: Network Error: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond. - connect(2) for "54.200.216.255" port 5985 (54.200.216.255:5985)
Check your knife configuration and network settings
PS C:\workspace\demo-app>

Odd and now it appears unable to connect on port 5985 whereas before you were at least getting the WinRM::WinRMAuthorizationError which indicates a successful network connection was established.

Yeah!!! So, I tested the node's WinRM using the below command:

PS C:\workspace\demo-app> knife wsman test 54.200.216.255 -m
Enter your password:
WARNING: Failed to connect to 54.200.216.255 at http://54.200.216.255:5985/wsman.
ERROR: Failed to connect to 1 nodes.

Then I logged into the node and turned off the firewall. The next test passed!!!

PS C:\workspace\demo-app> knife wsman test 54.200.216.255 -m
Enter your password:
Connected successfully to 54.200.216.255 at http://54.200.216.255:5985/wsman.

So I guess the Windows firewall was blocking this port.

Now I can bootstrap successfully.

May I ask how I run chef-client on Windows?
On a Linux node, I trigger a run with the command "chef-client" from a shell. Is this different on Windows?
Do I need to know PowerShell scripting to work on Windows with Chef?

Thanks
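An added example (not from the thread) for the firewall step above: instead of turning the firewall off, list the inbound rules that govern 5985/5986 together with their profile and remote-address scope, then admit only the admin workstation. It assumes Windows Server 2012 R2 (NetSecurity module); the rule name and ADMIN-IP-PLACEHOLDER are chosen here.

```powershell
# Added example, not from the thread: see which firewall rules govern the WinRM
# ports before disabling the firewall. Assumes Server 2012 R2 (NetSecurity module).
$winrmPorts = @('5985', '5986')

# Join every inbound TCP rule to its port and address filters; keep the WinRM ones.
$report = foreach ($rule in Get-NetFirewallRule -Direction Inbound) {
    $port = $rule | Get-NetFirewallPortFilter
    if ($port.Protocol -ne 'TCP') { continue }
    if ($winrmPorts -notcontains "$($port.LocalPort)") { continue }
    $addr = $rule | Get-NetFirewallAddressFilter
    [pscustomobject]@{
        Rule          = $rule.DisplayName
        Port          = $port.LocalPort
        Enabled       = $rule.Enabled
        Action        = $rule.Action
        Profile       = $rule.Profile
        RemoteAddress = $addr.RemoteAddress   # a 'LocalSubnet' scope will not admit a remote workstation
    }
}
$report | Format-Table -AutoSize

# The profile the instance's NIC is in decides which of those rules is active.
Get-NetConnectionProfile | Select-Object InterfaceAlias, NetworkCategory

# Admit one source address on one port instead of disabling the firewall.
# Replace the placeholder with the workstation's public IP.
New-NetFirewallRule -DisplayName 'WinRM HTTP from admin host' -Direction Inbound `
    -Protocol TCP -LocalPort 5985 -RemoteAddress 'ADMIN-IP-PLACEHOLDER' -Action Allow | Out-Null

# Confirm the listener answers locally; knife wsman test from the workstation checks the path end to end.
Test-NetConnection -ComputerName localhost -Port 5985 | Select-Object RemotePort, TcpTestSucceeded
```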

Interesting. Windows 2012R2 has 5985 enabled by default, but perhaps your base image disabled it. Now that you are bootstrapped, you can run the chef client by running "chef-client" on the node (or via knife winrm), or you can use the chef-client cookbook to install the chef client service and it will run periodically.

It does help to have some PowerShell knowledge if you are writing cookbooks or resources, but it is not so necessary if you are consuming existing cookbooks.

After the bootstrap, although I didn't have a run list populated, I ran chef-client but it failed:

PS C:\Users\Administrator> chef-client
chef-client : The term 'chef-client' is not recognized as the name of a cmdlet, function, script file, or operable
program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
At line:1 char:1
+ chef-client
    + CategoryInfo          : ObjectNotFound: (chef-client:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException

Then I changed the bootstrap to install chef-client as a service. I used the below command:

knife bootstrap windows winrm 54.200.216.255 --winrm-user 'administrator' --winrm-password 'xxxx' -r chef-client::service --node-name node3

I now have chef-client as a service. But why am I not able to run it manually, like I do on a Linux machine?

Hmm, sounds like c:\opscode\chef\bin is not in your PATH. Try running c:\opscode\chef\bin\chef-client.bat and that should kick off locally.

I noticed earlier that the PATH was updated by the bootstrap process. I think I needed to kill the existing shell and start a new one to get the new PATH loaded. But I restarted the node and now it works like a charm. Thanks Matt…

I will try the other option of bootstrapping, which prevents the plain text, soon.