WinRM Chicken / Egg


#1

I’m familiar with the process of setting up WinRM to allow bootstrapping of
machines with knife.

However, I’d like to be able to bootstrap machines without having to first
log onto the machine and configure WinRM. That seems kinda pointless - if
I’m going to have to log onto the machine to set up a WinRM listener, I
might as well just install Chef while I’m at it. It also doesn’t scale at
all…

I’m operating mostly in a cloudy world - combination of Rackspace and EC2.
I’m considering using user data on EC2 to run the WinRM setup stuff… I
assume Rackspace has an equivalent mechanism.

Is this pretty much the way to go? What I’d love would be the ability to
run a script using my RDP credentials, but so far I’ve not seen a way to do
this.

Am I missing a trick? I’d really love to be able to run a script which
basically connects to the newly created cloud machine, and runs the winrm
stuff to set up the ability to run knife over it. Pipe dream?

Thanks!

-aob


#2

Hello Angus,

On EC2 (and other clouds that support userdata), we can pass a
Powershell/Batch script that sets things up for us on a Standard Win 2k8
Image.

Here is the script:

winrm quickconfig -q
winrm set winrm/config/winrs '@{MaxMemoryPerShellMB="300"}'
winrm set winrm/config '@{MaxTimeoutms="1800000"}'
winrm set winrm/config/service '@{AllowUnencrypted="true"}'
winrm set winrm/config/service/auth '@{Basic="true"}'

This should set up winrm for you pre-bootstrapping.

And here is the ec2 command:
knife ec2 server create … --user-data enableWinRM.ps1…

Let me know if this helps!

Regards,
Chirag Jog
Chief Technology Officer,
Clogeny Technologies | http://clogeny.com
(M) 0091-9766619440 | Skype: chirag.jog



#3

This is a great idea Chirag, thanks for posting!

In a slightly different but related topic, does anyone have info on doing
this without turning off encryption?

-Mat
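
For the question above about keeping encryption on, one approach is to serve WinRM over an HTTPS listener and leave AllowUnencrypted off. The user-data script below is an added example, not part of the original thread or anyone's posted code; it assumes Windows Server 2012 or later (for New-SelfSignedCertificate and New-NetFirewallRule), a self-signed certificate, and the default WinRM HTTPS port 5986.

```powershell
# Added example (not from the thread): WinRM over HTTPS only.
# Assumptions: Windows Server 2012 or later, script runs elevated (as EC2
# user data does). When passed as EC2 user data, the script body is wrapped
# in <powershell> ... </powershell> tags.
$ErrorActionPreference = 'Stop'

# Start the service and create the default configuration.
# This also creates an HTTP listener, which is removed further down.
winrm quickconfig -q

# Same resource limits as the script posted in the thread.
winrm set winrm/config/winrs '@{MaxMemoryPerShellMB="300"}'
winrm set winrm/config '@{MaxTimeoutms="1800000"}'

# Self-signed certificate for this machine's name (assumption: no CA is
# available at first boot). It lands in the local machine store.
$cert = New-SelfSignedCertificate -DnsName $env:COMPUTERNAME `
    -CertStoreLocation Cert:\LocalMachine\My

# Drop the plain-HTTP listener so nothing answers on port 5985.
Get-ChildItem WSMan:\localhost\Listener |
    Where-Object { $_.Keys -contains 'Transport=HTTP' } |
    Remove-Item -Recurse -Force

# Create the HTTPS listener bound to the new certificate.
New-Item -Path WSMan:\localhost\Listener -Transport HTTPS -Address * `
    -CertificateThumbPrint $cert.Thumbprint -Force | Out-Null

# Refuse unencrypted traffic. Basic authentication stays enabled, but the
# credentials now only travel inside the TLS session.
Set-Item WSMan:\localhost\Service\AllowUnencrypted $false -Force
Set-Item WSMan:\localhost\Service\Auth\Basic $true -Force

# Open the HTTPS port in the host firewall (the rule name is arbitrary).
New-NetFirewallRule -DisplayName 'WinRM HTTPS (added example)' `
    -Direction Inbound -Protocol TCP -LocalPort 5986 -Action Allow | Out-Null
```

The instance's security group also has to allow TCP 5986 from the workstation. Because the certificate is self-signed, it encrypts the session but does not authenticate the server unless the client is given that certificate to trust.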



#4

Thanks Chirag,

That’s pretty much the direction I had started down. However I haven’t yet
worked out what happens with the Administrator password. If I launch a
machine via the EC2 management console, there’s a little dance I have to do
to get the password for the Administrator, by providing my half of a key.

When I launch a machine with knife, I don’t see where this comes in.
Indeed knife ec2 requires the ssh key ID, but then waits for sshd (which
of course never comes).

How do you automate the obtaining of the Admin credentials? Do you just
pass in a run list which creates a known user?

$ knife ec2 server create -f t1.micro --user-data src/chef/enableWinRM.ps1 -I ami-d6929fa2 -Z eu-west-1a -S aob
Instance ID: i-c048df8a
Flavor: t1.micro
Image: ami-d6929fa2
Region: eu-west-1
Availability Zone: eu-west-1a
Security Groups: default
Tags: {"Name"=>"i-c048df8a"}
SSH Key: aob

Waiting for server…
Public DNS Name: ec2-46-137-43-193.eu-west-1.compute.amazonaws.com
Public IP Address: 46.137.43.193
Private DNS Name: ip-10-227-21-126.eu-west-1.compute.internal
Private IP Address: 10.227.21.126

Waiting for sshd…

Thanks!

-aob



#5

Hi Angus,
Yes - that’s a bit of a pain. I had gone ahead and added support in the
knife plugin to fetch the windows password - that code hasn’t been merged
yet (it’s part of a larger feature-set) - but here is the patch for the same
you can use:

Regards,
Chirag Jog
Chief Technology Officer,
Clogeny Technologies | http://clogeny.com
(M) 0091-9766619440 | Skype: chirag.jog



#6

Hi Chirag,

On 3 March 2013 18:53, Chirag Jog chirag@clogeny.com wrote:

I had gone ahead and added support in the knife
plugin to fetch the windows password - that code hasn’t been merged yet (it’s
part of a larger feature-set) - but here is the patch for the same you can
use:

https://github.com/chirag-jog/knife-ec2/commit/bd4d7dea6554b1a2d2f75782f2da64a4b54588e4

That’s pretty awesome stuff. Looking at the rest of your fork, how
much of this works? I’m actually about to spin up a bunch of EC2
Windows machines for a training course… being able to combine the
winrm bootstrap and getting the admin password in one command
would be amazing.

Just for a try I cloned your repo and bundled it up and ran a bundle
exec knife ec2 server create… I got:

Waiting for sshd
ERROR: ArgumentError: wrong number of arguments (1 for 2)

Before I dive in… should I expect this to just work, or is this in a
state of flux?

S.

Stephen Nelson-Smith,
Founder, Principal Consultant,
Atalanta Systems Ltd,
Web: http://agilesysadmin.net
Twitter: @lordcope
Skype: atalanta.systems
Direct: +44 (0) 1329 550203
Mobile: +44 (0) 7917 101919

Atalanta Systems: The Agile Infrastructure Enablers
http://atalanta-systems.com