Chef bootstrap with domain IP

Time: 2016-11-03 20:01:49

Tags: chef winrm

I found that if I try to bootstrap a Windows 2012 server, I get this error.

knife bootstrap windows winrm 192.0.2.0 -N foobar -x vagrant -P vagrant -r "role[foo]" -E dev -V

Waiting for remote response before bootstrap.ERROR: Failed to authenticate to 192.0.2.0 as vagrant
Response: WinRM::WinRMAuthorizationError
Hint: Make sure to prefix domain usernames with the correct domain name.
Hint: Local user names should be prefixed with computer name or IP address.
EXAMPLE: my_domain\user_namer

The workaround is to include the IP address in the username

192.0.2.0\vagrant

knife bootstrap windows winrm 192.0.2.0 -N foobar -x 192.0.2.0\vagrant -P vagrant -r "role[foo]" -E dev -V

My winrm configuration is created with packer.

# https://github.com/mwrock/packer-templates/blob/b46ec4e1c3eafcaa64042f32ceab7de2d3789dba/scripts/package.ps1#L28-L45

netsh advfirewall firewall add rule name="WinRM-HTTP" dir=in localport=5985 protocol=TCP action=allow

$enableArgs=@{Force=$true}
try {
  $command=Get-Command Enable-PSRemoting
  if($command.Parameters.Keys -contains "skipnetworkprofilecheck"){
    $enableArgs.skipnetworkprofilecheck=$true
  }
}
catch {
  $global:error.RemoveAt(0)
}
Enable-PSRemoting @enableArgs
winrm set winrm/config/client/auth '@{Basic="true"}'
winrm set winrm/config/service/auth '@{Basic="true"}'
winrm set winrm/config/service '@{AllowUnencrypted="true"}'

Why is it that I can only use

to bootstrap?

1 answer:

Answer 0 (score: 0)

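After much trial and error, I found that Enable-PSRemoting and winrm quickconfig are not the equivalent commands I thought they were.

Adding the following two lines to the winrm setup fixes the problem. Bootstrap no longer needs to use the IP address as the name.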

winrm quickconfig -q
winrm quickconfig -transport:http

Full configuration

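# Open the WinRM HTTP port (5985) in the firewall
netsh advfirewall firewall add rule name="WinRM-HTTP" dir=in localport=5985 protocol=TCP action=allow
# Run the WinRM quick configuration (service, HTTP listener) without prompting
winrm quickconfig -q
winrm quickconfig -transport:http
$enableArgs=@{Force=$true}
# Pass -SkipNetworkProfileCheck only where this PowerShell version supports it
try {
  $command=Get-Command Enable-PSRemoting
  if($command.Parameters.Keys -contains "skipnetworkprofilecheck"){
    $enableArgs.skipnetworkprofilecheck=$true
  }
}
catch {
  # Discard the error recorded by the failed lookup
  $global:error.RemoveAt(0)
}
Enable-PSRemoting @enableArgs
#Enable-WSManCredSSP -Force -Role Server #TODO What does this do, do I need it?
# Basic auth plus AllowUnencrypted sends credentials over plain HTTP
winrm set winrm/config/client/auth '@{Basic="true"}'
winrm set winrm/config/service/auth '@{Basic="true"}'
winrm set winrm/config/service '@{AllowUnencrypted="true"}'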

Note that allowing basic authentication and unencrypted winrm is insecure for production use.
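
The closing note says Basic authentication and unencrypted WinRM are unsafe for production. As an added example (not part of the original answer), the following PowerShell audits the three weak settings from the configuration above and moves the server to an HTTPS listener. The function names and the use of a self-signed certificate are assumptions of this example; run it locally in an elevated session, since it removes the HTTP listener.

```powershell
# Added example, not from the original post.
# Audits the settings the packer script relaxed, then reverts them.

function Get-WinRMWeakSetting {
    # Each entry: WSMan drive path and the value considered safe.
    $checks = @(
        @{ Path = 'WSMan:\localhost\Service\AllowUnencrypted'; Safe = 'false' },
        @{ Path = 'WSMan:\localhost\Service\Auth\Basic';       Safe = 'false' },
        @{ Path = 'WSMan:\localhost\Client\Auth\Basic';        Safe = 'false' }
    )
    foreach ($c in $checks) {
        $current = (Get-Item -Path $c.Path).Value
        if ("$current" -ne $c.Safe) {
            # Emit one object per setting that deviates from the safe value.
            [pscustomobject]@{ Path = $c.Path; Current = $current; Safe = $c.Safe }
        }
    }
}

function Set-WinRMHardened {
    # Assumption: a self-signed certificate is acceptable for this image;
    # use a CA-issued certificate where one is available.
    $cert = New-SelfSignedCertificate -DnsName $env:COMPUTERNAME `
        -CertStoreLocation Cert:\LocalMachine\My

    # Add an HTTPS listener (default port 5986) and open it in the firewall.
    New-Item -Path WSMan:\localhost\Listener -Transport HTTPS -Address * `
        -CertificateThumbPrint $cert.Thumbprint -Force | Out-Null
    netsh advfirewall firewall add rule name="WinRM-HTTPS" dir=in localport=5986 protocol=TCP action=allow

    # Revert every weak setting the audit reports.
    foreach ($w in @(Get-WinRMWeakSetting)) {
        Set-Item -Path $w.Path -Value $w.Safe -Force
    }

    # Remove the plain-HTTP listener and the firewall rule created for it.
    Get-ChildItem WSMan:\localhost\Listener |
        Where-Object { $_.Keys -contains 'Transport=HTTP' } |
        Remove-Item -Recurse -Force
    netsh advfirewall firewall delete rule name="WinRM-HTTP"
}

Get-WinRMWeakSetting | Format-Table -AutoSize   # report before changing anything
Set-WinRMHardened
Get-WinRMWeakSetting | Format-Table -AutoSize   # empty output means all three are reverted
```

After this runs, clients have to connect over HTTPS on port 5986 and authenticate with a mechanism other than Basic.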