Chef bootstrap without domain IP
I found that if I try to bootstrap a Windows 2012 server, I get this error.
knife bootstrap windows winrm 192.0.2.0 -N foobar -x vagrant -P vagrant -r "role[foo]" -E dev -V
Waiting for remote response before bootstrap.ERROR: Failed to authenticate to 192.0.2.0 as vagrant
Response: WinRM::WinRMAuthorizationError
Hint: Make sure to prefix domain usernames with the correct domain name.
Hint: Local user names should be prefixed with computer name or IP address.
EXAMPLE: my_domain\user_namer
The workaround is to make the IP address part of the username
192.0.2.0\vagrant
knife bootstrap windows winrm 192.0.2.0 -N foobar -x 192.0.2.0\vagrant -P vagrant -r "role[foo]" -E dev -V
My winrm configuration was created with packer.
# https://github.com/mwrock/packer-templates/blob/b46ec4e1c3eafcaa64042f32ceab7de2d3789dba/scripts/package.ps1#L28-L45
# Open the WinRM HTTP port in the firewall
netsh advfirewall firewall add rule name="WinRM-HTTP" dir=in localport=5985 protocol=TCP action=allow
$enableArgs=@{Force=$true}
try {
    # Use -SkipNetworkProfileCheck only where this Enable-PSRemoting supports it
    $command=Get-Command Enable-PSRemoting
    if($command.Parameters.Keys -contains "skipnetworkprofilecheck"){
        $enableArgs.skipnetworkprofilecheck=$true
    }
}
catch {
    # Drop the error recorded by the failed lookup
    $global:error.RemoveAt(0)
}
Enable-PSRemoting @enableArgs
# Basic authentication and unencrypted traffic, for client and service
winrm set winrm/config/client/auth '@{Basic="true"}'
winrm set winrm/config/service/auth '@{Basic="true"}'
winrm set winrm/config/service '@{AllowUnencrypted="true"}'
Why can I only bootstrap with
After trial and error, I found that Enable-PSRemoting and winrm quickconfig are not equivalent as I had assumed.
Adding the following two lines to the winrm setup fixes the problem. Bootstrap now no longer requires using the IP address as the name.
winrm quickconfig -q
winrm quickconfig -transport:http
Full configuration
# Open the WinRM HTTP port in the firewall
netsh advfirewall firewall add rule name="WinRM-HTTP" dir=in localport=5985 protocol=TCP action=allow
# The two added lines: run quickconfig before Enable-PSRemoting
winrm quickconfig -q
winrm quickconfig -transport:http
$enableArgs=@{Force=$true}
try {
    # Use -SkipNetworkProfileCheck only where this Enable-PSRemoting supports it
    $command=Get-Command Enable-PSRemoting
    if($command.Parameters.Keys -contains "skipnetworkprofilecheck"){
        $enableArgs.skipnetworkprofilecheck=$true
    }
}
catch {
    # Drop the error recorded by the failed lookup
    $global:error.RemoveAt(0)
}
Enable-PSRemoting @enableArgs
#Enable-WSManCredSSP -Force -Role Server #TODO What does this do, do I need it?
# Basic authentication and unencrypted traffic, for client and service
winrm set winrm/config/client/auth '@{Basic="true"}'
winrm set winrm/config/service/auth '@{Basic="true"}'
winrm set winrm/config/service '@{AllowUnencrypted="true"}'
Note that allowing basic authentication and unencrypted winrm is not secure for production use.
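The following is an added example, not part of the original post: a check for whether an image built from the configuration above still has Basic authentication and unencrypted WinRM enabled before it reaches production. The function name `Test-WinRMInsecureSetting` is hypothetical; the script assumes an elevated PowerShell 3.0 or later session with the WinRM service running.

```powershell
# Added example (hypothetical function name); run from an elevated prompt.
function Test-WinRMInsecureSetting {
    param([switch]$Fix)   # -Fix sets any insecure value back to false

    # WSMan: provider paths matching the three 'winrm set' lines in the post
    $paths = @(
        'WSMan:\localhost\Client\Auth\Basic',
        'WSMan:\localhost\Service\Auth\Basic',
        'WSMan:\localhost\Service\AllowUnencrypted'
    )

    foreach ($path in $paths) {
        $value = (Get-Item -Path $path).Value
        if ($Fix -and $value -eq 'true') {
            Set-Item -Path $path -Value $false -Force
            $value = (Get-Item -Path $path).Value   # re-read to confirm
        }
        [pscustomobject]@{
            Check    = $path
            Value    = $value
            Insecure = ($value -eq 'true')
        }
    }

    # An HTTP listener has no TLS; with AllowUnencrypted=true it also
    # accepts cleartext payloads, so flag that combination.
    $plain = (Get-Item WSMan:\localhost\Service\AllowUnencrypted).Value -eq 'true'
    Get-WSManInstance -ResourceURI winrm/config/listener -Enumerate |
        ForEach-Object {
            [pscustomobject]@{
                Check    = "Listener $($_.Transport) port $($_.Port)"
                Value    = $_.Address
                Insecure = ($_.Transport -eq 'HTTP' -and $plain)
            }
        }
}

# Read-only audit: show only the findings
Test-WinRMInsecureSetting | Where-Object Insecure | Format-Table -AutoSize
```

Running it with `-Fix` turns the three settings off, after which clients that depend on Basic authentication over plain HTTP will stop authenticating.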