Chef bootstrap without domain IP

I found that if I try to bootstrap a Windows 2012 server, I get this error.

knife bootstrap windows winrm 192.0.2.0 -N foobar -x vagrant -P vagrant -r "role[foo]" -E dev -V

Waiting for remote response before bootstrap.ERROR: Failed to authenticate to 192.0.2.0 as vagrant
Response: WinRM::WinRMAuthorizationError
Hint: Make sure to prefix domain usernames with the correct domain name.
Hint: Local user names should be prefixed with computer name or IP address.
EXAMPLE: my_domain\user_namer

The workaround is to include the IP address as part of the username

192.0.2.0\vagrant

knife bootstrap windows winrm 192.0.2.0 -N foobar -x 192.0.2.0\vagrant -P vagrant -r "role[foo]" -E dev -V

My WinRM configuration was created with Packer.

# https://github.com/mwrock/packer-templates/blob/b46ec4e1c3eafcaa64042f32ceab7de2d3789dba/scripts/package.ps1#L28-L45

netsh advfirewall firewall add rule name="WinRM-HTTP" dir=in localport=5985 protocol=TCP action=allow

$enableArgs=@{Force=$true}
try {
 $command=Get-Command Enable-PSRemoting
  if($command.Parameters.Keys -contains "skipnetworkprofilecheck"){
      $enableArgs.skipnetworkprofilecheck=$true
  }
}
catch {
  $global:error.RemoveAt(0)
}
Enable-PSRemoting @enableArgs
winrm set winrm/config/client/auth '@{Basic="true"}'
winrm set winrm/config/service/auth '@{Basic="true"}'
winrm set winrm/config/service '@{AllowUnencrypted="true"}'

Why can I only bootstrap with

After some trial and error, I found that Enable-PSRemoting and winrm quickconfig are not as equivalent as I had assumed.

Adding the following two lines to the WinRM setup resolves the problem. Bootstrap now no longer requires using the IP address as the name.

winrm quickconfig -q
winrm quickconfig -transport:http

Full configuration

netsh advfirewall firewall add rule name="WinRM-HTTP" dir=in localport=5985 protocol=TCP action=allow
winrm quickconfig -q
winrm quickconfig -transport:http
$enableArgs=@{Force=$true}
try {
 $command=Get-Command Enable-PSRemoting
  if($command.Parameters.Keys -contains "skipnetworkprofilecheck"){
      $enableArgs.skipnetworkprofilecheck=$true
  }
}
catch {
  $global:error.RemoveAt(0)
}
Enable-PSRemoting @enableArgs
#Enable-WSManCredSSP -Force -Role Server #TODO What does this do, do I need it?
winrm set winrm/config/client/auth '@{Basic="true"}'
winrm set winrm/config/service/auth '@{Basic="true"}'
winrm set winrm/config/service '@{AllowUnencrypted="true"}'

Note that allowing basic authentication and unencrypted WinRM is not secure for production use.
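
An added example, not part of the original post: a PowerShell sketch that reports which of the four settings loosened by the configuration above are still weak, then moves WinRM to an HTTPS listener with Basic authentication and unencrypted traffic disabled. The function names, the rule name "WinRM-HTTPS" and the use of a self-signed certificate are assumptions made for illustration.

```powershell
# Added example (not from the original post). Run in an elevated session.

function Get-WinRMWeakSettings {
    # WSMan: drive paths correspond to the 'winrm set winrm/config/...' keys
    # changed by the Packer script. Every one of them should read "false".
    $paths = @(
        'WSMan:\localhost\Service\Auth\Basic',
        'WSMan:\localhost\Service\AllowUnencrypted',
        'WSMan:\localhost\Client\Auth\Basic',
        'WSMan:\localhost\Client\AllowUnencrypted'
    )
    foreach ($path in $paths) {
        $actual = (Get-Item -Path $path).Value
        if ("$actual" -ne 'false') {
            [pscustomobject]@{ Path = $path; Actual = $actual; Expected = 'false' }
        }
    }
}

function Set-WinRMHttpsBaseline {
    # Create an HTTPS listener only if none exists yet.
    $https = Get-ChildItem WSMan:\localhost\Listener |
        Where-Object { $_.Keys -contains 'Transport=HTTPS' }
    if (-not $https) {
        # Assumption: self-signed certificate; use a CA-issued one where clients
        # must validate the server identity.
        $cert = New-SelfSignedCertificate -DnsName $env:COMPUTERNAME `
            -CertStoreLocation Cert:\LocalMachine\My
        New-Item -Path WSMan:\localhost\Listener -Transport HTTPS -Address * `
            -CertificateThumbPrint $cert.Thumbprint -Force | Out-Null
    }

    # Same netsh form as the original script, for the HTTPS port.
    netsh advfirewall firewall add rule name="WinRM-HTTPS" dir=in localport=5986 protocol=TCP action=allow

    # Reverse the three 'winrm set' relaxations, plus the client-side equivalent.
    Set-Item WSMan:\localhost\Service\Auth\Basic       -Value $false
    Set-Item WSMan:\localhost\Client\Auth\Basic        -Value $false
    Set-Item WSMan:\localhost\Service\AllowUnencrypted -Value $false
    Set-Item WSMan:\localhost\Client\AllowUnencrypted  -Value $false
}

Get-WinRMWeakSettings | Format-Table -AutoSize   # report before
Set-WinRMHttpsBaseline
Get-WinRMWeakSettings | Format-Table -AutoSize   # prints nothing once all four are false
```

Apply the baseline only after anything that depends on Basic authentication over HTTP has finished, since those connections will be refused afterwards.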