Jenkins Amazon EC2 plugin WinRM infinite loop
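I am currently setting up my Jenkins server to create EC2 instances when a build is initialized. It creates and destroys the instances perfectly, but it will not connect with WinRM. I have now tried everything on the web, for at least 16 hours in total.
Some of the things I have tried:
PowerShell commands: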
Enable-PSRemoting -Force
winrm set winrm/config/service '@{AllowUnencrypted="true"}'
winrm set winrm/config/service/auth '@{Basic="true"}'
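Tried changing Group Policy to allow all hosts and enable untrusted connections
Tried connecting from my local computer using PowerShell and basic authentication (works perfectly)
Tried changing basically every setting on Jenkins and AWS.
Searched the entire web
Downgraded the EC2 plugin from 5.1 to 4.2
I have absolutely no idea what I can do.
The output below loops infinitely: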
Connecting to ******.eu-west-3.compute.amazonaws.com(52.47.***.**) with WinRM as
administrator
Waiting for WinRM to come up. Sleeping 10s.
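I just finished a trip down this rabbit hole and managed to get everything working. My setup is Jenkins server 2.235.5 and ec2-plugin version 1.55. I use Packer to build the AMI, configure user data and enable SMB. In Jenkins, I configure the agent to use HTTPS with a self-signed certificate. The agent uses the password generated for the Administrator account. Make sure the role is able to get the password.
Packer builder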
"builders": [
{
"type": "amazon-ebs",
"communicator": "winrm",
"winrm_username": "Administrator",
"winrm_use_ssl": true,
"winrm_insecure": true,
"user_data_file": "/opt/scripts/EC2UserData.ps1",
...
Ec2UserData.ps1
<powershell>
write-output "Running User Data Script"
write-host "(host) Running User Data Script"
Set-ExecutionPolicy Unrestricted -Scope LocalMachine -Force -ErrorAction Ignore
# Don't set this before Set-ExecutionPolicy as it throws an error
$ErrorActionPreference = "stop"
# Remove HTTP listener
Remove-Item -Path WSMan:\Localhost\listener\listener* -Recurse
Enable-PSRemoting -force
Set-Item WSMan:\localhost\Client\trustedhosts -value * -force
# Create a self-signed certificate to let ssl work
$Cert = New-SelfSignedCertificate -CertstoreLocation Cert:\LocalMachine\My -DnsName "packer"
New-Item -Path WSMan:\LocalHost\Listener -Transport HTTPS -Address * -CertificateThumbPrint $Cert.Thumbprint -Force
# WinRM
write-output "Setting up WinRM"
write-host "(host) setting up WinRM"
cmd.exe /c winrm quickconfig -q
cmd.exe /c winrm set "winrm/config" '@{MaxTimeoutms="1800000"}'
cmd.exe /c winrm set "winrm/config/winrs" '@{MaxMemoryPerShellMB="1024"}'
cmd.exe /c winrm set "winrm/config/service" '@{AllowUnencrypted="true"}'
cmd.exe /c winrm set "winrm/config/client" '@{AllowUnencrypted="true"}'
cmd.exe /c winrm set "winrm/config/service/auth" '@{Basic="true"}'
cmd.exe /c winrm set "winrm/config/client/auth" '@{Basic="true"}'
cmd.exe /c winrm set "winrm/config/listener?Address=*+Transport=HTTPS" "@{Port=`"5986`";Hostname=`"packer`";CertificateThumbprint=`"$($Cert.Thumbprint)`"}"
cmd.exe /c netsh advfirewall firewall set rule group="remote administration" new enable=yes
cmd.exe /c netsh firewall add portopening TCP 5986 "Port5986"
cmd.exe /c net stop winrm
cmd.exe /c sc config winrm start= auto
cmd.exe /c net start winrm
</powershell>
Packer provisioners
"provisioners": [
{
"type": "file",
"source": "/opt/config/jdk_11.0.2/cacerts",
"destination": "c:\\temp\\cacerts"
},
{
"type": "powershell",
"scripts": [
"/opt/scripts/InstallJava.ps1",
"/opt/scripts/InstallJenkinsSlave.ps1",
"/opt/scripts/EnableSmb.ps1"
]
},
InstallJava.ps1
wget 'http://javadl.oracle.com/webapps/download/AutoDL?BundleId=210185' -Outfile 'C:\jreinstaller.exe'
Start-Process -filepath C:\jreinstaller.exe -passthru -wait -argumentlist "/s","INSTALLDIR=c:\Java\jre1.8.0_91"
del C:\jreinstaller.exe
Copy-Item "C:\Java\jre1.8.0_91\lib\security\cacerts" -Destination "C:\Java\jre1.8.0_91\lib\security\cacerts.original"
Copy-Item "c:\temp\cacerts" -Destination "C:\Java\jre1.8.0_91\lib\security\cacerts" -Force
$env:JAVA_HOME="c:\Java\jre1.8.0_91"
setx PATH "$env:path;c:\Java\jre1.8.0_91\bin"
InstallJenkinsSlave.ps1
# enable UserData to run on next launch
cd C:\ProgramData\Amazon\EC2-Windows\Launch\Scripts
./InitializeInstance.ps1 -Schedule
Set-NetFirewallProfile -Profile Public,Private -Enabled False
EnableSmb.ps1
echo "Enabling smb1"
#Enable SMB1 protocol to workaround Windows on-demand issues
Enable-WindowsOptionalFeature -Online -FeatureName smb1protocol -NoRestart
Set-SmbServerConfiguration -EnableSMB1Protocol $true -Confirm:$true -Force #may work on 2012 but not 2019
set-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters SMB1 -Type DWORD -Value 1 -Force
#Just in case firewall really didn't get disabled
Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled False
echo "restarting lanman"
Restart-Service lanmanserver
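A read-only check to run on an instance launched from the AMI, reporting the state the user-data script above is meant to produce (an HTTPS listener on 5986 bound to a certificate with a private key) together with the settings the scripts relax (AllowUnencrypted, Basic, firewall profiles, SMB1). This is an added example, not part of the original answer; the function name Get-WinRMListenerAudit is hypothetical, and it assumes an elevated Windows PowerShell 5.1 session on the instance.

```powershell
# Added example, not from the original answer. Read-only: changes nothing.
# Get-WinRMListenerAudit is a hypothetical name chosen for this example.
function Get-WinRMListenerAudit {
    # Collect each WinRM listener's settings from the WSMan: drive.
    $listeners = foreach ($l in Get-ChildItem WSMan:\localhost\Listener) {
        $props = @{}
        Get-ChildItem "WSMan:\localhost\Listener\$($l.Name)" |
            ForEach-Object { $props[$_.Name] = $_.Value }
        [pscustomobject]@{
            Transport  = $props['Transport']
            Port       = $props['Port']
            Hostname   = $props['Hostname']
            Thumbprint = $props['CertificateThumbprint']
        }
    }

    $https = $listeners | Where-Object Transport -eq 'HTTPS' | Select-Object -First 1

    # The HTTPS listener is only usable if its thumbprint resolves to a
    # certificate with a private key in the LocalMachine\My store.
    $cert = $null
    if ($https -and $https.Thumbprint) {
        $tp = $https.Thumbprint -replace '\s', ''
        $cert = Get-ChildItem Cert:\LocalMachine\My |
            Where-Object Thumbprint -eq $tp | Select-Object -First 1
    }

    [pscustomobject]@{
        HttpListenerPresent = [bool]($listeners | Where-Object Transport -eq 'HTTP')
        HttpsListenerPort   = if ($https) { $https.Port } else { $null }
        HttpsHostname       = if ($https) { $https.Hostname } else { $null }
        CertFound           = [bool]$cert
        CertHasPrivateKey   = [bool]($cert -and $cert.HasPrivateKey)
        CertNotAfter        = if ($cert) { $cert.NotAfter } else { $null }
        AllowUnencrypted    = (Get-Item WSMan:\localhost\Service\AllowUnencrypted).Value
        BasicAuth           = (Get-Item WSMan:\localhost\Service\Auth\Basic).Value
        Port5986Listening   = [bool](Get-NetTCPConnection -State Listen -LocalPort 5986 -ErrorAction SilentlyContinue)
        FirewallProfilesOn  = (Get-NetFirewallProfile | Where-Object Enabled -eq 'True').Name -join ','
        Smb1Enabled         = (Get-SmbServerConfiguration).EnableSMB1Protocol
    }
}

Get-WinRMListenerAudit | Format-List
```

If HttpsListenerPort is empty, CertFound is False, or Port5986Listening is False, nothing is serving WinRM over HTTPS on the instance, which is consistent with the plugin repeating "Waiting for WinRM to come up".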