terraform build ec2 windows - windows

I am trying to use terraform to build a simple aws ec2 instance running windows 2016 server. I successfully built the ec2 windows instance but I can't connect to the server. How do I set the username and password after the server is built so I can RDP into it?
resource "aws_instance" "win2k" {
...
...
...
// Test connectivity to newly built ec2
connection {
type = "winrm"
user = "Administrator"
password = "${var.admin_password}"
}
# Set local admin user/pass
user_data = <<EOF
<script>
rem winrm hashtable arguments use the @{Key="value"} form
winrm quickconfig -q
winrm set winrm/config @{MaxTimeoutms="1800000"}
winrm set winrm/config/service @{AllowUnencrypted="true"}
winrm set winrm/config/service/auth @{Basic="true"}
</script>
<powershell>
netsh advfirewall firewall add rule name="WinRM in" protocol=TCP dir=in profile=any localport=5985 remoteip=any localip=any action=allow
# Set Administrator password (ADSI path is "WinNT://./Administrator,user", no space after the comma;
# single quotes so PowerShell does not expand a '$' inside the password)
$admin = [adsi]"WinNT://./Administrator,user"
$admin.psbase.Invoke('SetPassword', '${var.admin_password}')
</powershell>
EOF

Related

How to get cacert validation for terraform provisioners windows

I am trying to deploy some packages in windows OS through terraform 15.1 version.
And I am able to deploy successfully when I use this in provisioners:
connection {
type = "winrm"
user = "administrator"
password = "########"
timeout = "3m"
port = 5986
https = true
insecure = true
host = self.access_ip_v4
}
But my goal is that the connection from where we are running the terraform command to the remote Windows machine should be encrypted.
So, I want to use something like
connection {
type = "winrm"
user = "administrator"
password = "########"
timeout = "3m"
port = 5986
https = true
**insecure = false**
**cacert = <from where can I get this file or value?>**
host = self.access_ip_v4
}
Remember that through the terraform "user_data" I am using a PowerShell script which creates a self-signed certificate and opens the WinRM HTTPS firewall port at the time of Windows provisioning.
I do not have a complete idea of how to get this cacert for Windows.
Can someone please help me with this?
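Added example (not from either question above): a user_data body for the two Terraform questions that sets the Administrator password, creates the self-signed certificate and HTTPS listener, scopes the firewall rule to the workstation, and writes the PEM needed for `cacert` with `insecure = false`. It assumes two Terraform variables that are not on this page, `var.admin_password` and `var.workstation_cidr`, and that the Terraform connection uses the instance's public DNS name as `host`.

```powershell
# Added example, not from the posts above: user_data body (placed inside the
# <powershell> tags) that exposes WinRM over HTTPS only, so the Terraform
# connection can use insecure = false with a cacert instead of Basic auth over
# unencrypted port 5985. Assumed Terraform variables: var.admin_password and
# var.workstation_cidr (the only source allowed to reach 5986). The PEM written
# at the end is fetched to the workstation out of band before provisioning.
$ErrorActionPreference = 'Stop'

# 1. Local Administrator password. Note: no space after the comma in the ADSI path,
#    and single quotes so PowerShell does not expand '$' inside the password.
$admin = [adsi]"WinNT://./Administrator,user"
$admin.psbase.Invoke('SetPassword', '${var.admin_password}')

# 2. Self-signed certificate for the instance's public DNS name (IMDSv1 call;
#    add a token header if IMDSv2 is enforced). The Terraform connection must
#    use host = public_dns so TLS hostname verification matches this name.
$dnsName = Invoke-RestMethod -Uri 'http://169.254.169.254/latest/meta-data/public-hostname'
$cert = New-SelfSignedCertificate -DnsName $dnsName -CertStoreLocation 'Cert:\LocalMachine\My'

# 3. WinRM service with an HTTPS listener only; remove any HTTP listener.
Set-Service -Name WinRM -StartupType Automatic
Start-Service -Name WinRM
Get-ChildItem -Path 'WSMan:\localhost\Listener' |
    Where-Object { $_.Keys -contains 'Transport=HTTP' } |
    Remove-Item -Recurse
New-Item -Path 'WSMan:\localhost\Listener' -Transport HTTPS -Address * `
    -CertificateThumbprint $cert.Thumbprint -Force | Out-Null

# 4. Terraform's winrm connection uses Basic auth by default; that is tolerable
#    only because the transport is TLS, so AllowUnencrypted stays off.
Set-Item -Path 'WSMan:\localhost\Service\Auth\Basic' -Value $true
Set-Item -Path 'WSMan:\localhost\Service\AllowUnencrypted' -Value $false

# 5. Firewall: open 5986 to the workstation range only, not remoteip=any.
New-NetFirewallRule -DisplayName 'WinRM HTTPS (workstation only)' -Direction Inbound `
    -Protocol TCP -LocalPort 5986 -RemoteAddress '${var.workstation_cidr}' -Action Allow | Out-Null

# 6. Export the public certificate as PEM; this is the value for cacert = file(...).
$pem = "-----BEGIN CERTIFICATE-----`n" +
       [Convert]::ToBase64String($cert.RawData, 'InsertLineBreaks') +
       "`n-----END CERTIFICATE-----"
Set-Content -Path 'C:\ProgramData\winrm-cacert.pem' -Value $pem -Encoding Ascii
```

On the Terraform side the connection block then uses host = the instance's public_dns, port = 5986, https = true, insecure = false and cacert = file("winrm-cacert.pem"). With insecure = true, any host answering on 5986 is accepted, which is the gap the cacert question wants to close.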

How to make a SSH connection using pageant on terraform for provisioning files?

How to make an SSH connection via pageant on terraform? I'm trying to provision files with the file provisioner running over an SSH connection. According to the docs, on Windows the only supported SSH agent is Pageant, but they do not explain how to configure it.
https://www.terraform.io/docs/provisioners/connection.html
Even after adding the PuTTY directory to the PATH env var (which is included in GitExtension), terraform does not seem to detect it, and keeps failing to make the SSH connection.
Connecting via plink.exe works, so my SSH key is correctly added to Pageant.
plink core@<ip-address-of-host>
File provisioner works when I pass the content of private_key directly like this, but that's not what I want.
connection {
type = "ssh"
host = aws_instance.instance.public_ip
user = "core"
agent = false
private_key = file(var.private_key_path)
}
You have to set the agent parameter to true:
agent - Set to false to disable using ssh-agent to authenticate. On Windows the only supported SSH authentication agent is Pageant.
agent = true

Not able to CHEF bootstrap a windows EC2 instance, Winrm error

I am using CHEF 12 and trying to bootstrap an EC2 instance (Win server 2012 R2) from my workstation. However, I am getting the below error.
> Waiting for remote response before
> bootstrap.....................ERROR: No response received from remote
> node after 2.08 minutes, giving up. ERROR: Network Error: No
> connection could be made because the target machine actively refused
> it. - connect(2) (http://52.76.1.57:5985) Check your knife
> configuration and network settings
I have two CHEF servers (Hosted as well as on-premises); I have tried bootstrapping the EC2 instance using each of these, but get the same result.
Chef bootstrap command issued via power-shell:
PS ~\chef-repo> knife bootstrap windows winrm 52.76.1.57 --winrm-user Administrator --winrm-password '******' --node-name node_145 --run-list 'recipe[ie::esc],recipe[install_iis]'
As far as I researched, it is because I am not able to establish a WINRM connection from my workstation to the Ec2 instance. I am however able to connect to another Win 2012 server within my office network and bootstrap successfully.
I have already logged in remotely to the EC2 instance and run winrm quickconfig from PowerShell.
I have set the Administrator password to the desired one.
I have opened an inbound firewall rule for Windows Remote Management on ports 5985 and 5986.
I have set up a security group and allowed an inbound Custom TCP rule for ports 5985 and 5986 on AWS.
You took all the necessary steps for this; would it be possible that you are getting filtered by a firewall (e.g. a company firewall)?
FYI, I managed to bootstrap a machine with the following steps:
# configure winrm for using knife winrm (quoted because @{...} is a hashtable in PowerShell)
winrm set winrm/config/service/auth '@{Basic="true"}'
winrm set winrm/config/service '@{AllowUnencrypted="true"}'
Set-Item WSMan:\localhost\Client\AllowUnencrypted $true
# turn off firewall
Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled False
EDIT: to sum up the comments below, the problem was the company firewall that was blocking the traffic.
Windows 2012 R2 introduced changes within WinRM security, which rendered some of the old articles / readme examples explaining usage of knife-ec2 and knife-windows unusable.
This article http://blog.coderinserepeat.com/2015/07/15/chef-knife-ec2-and-knife-windows/ pretty much sums up how to deal with this in recent versions of knife plugins.

bootstrap windows winrm fails with network error

I am trying to bootstrap a windows winrm using knife command.
I have enabled the tcp port 5985.
But I still get the following error:
ERROR: Network Error: Connection refused - connect(2) (http://:5985)
I am able to log in remotely to the machine as well by providing the username and password.
I could not resolve it. Has anyone come across this problem and found a solution?
Check that you can telnet remote_host 5985. This should open a dumb session into which you can enter "quit". If not, look again at how you have enabled winrm and the firewall on the remote host.
I got winrm bootstrap working on Windows VMs which did not have firewall enabled like this:
All the following on the remote Windows machine you want to bootstrap...
Enable winrm:
winrm quickconfig -q
Enable and start the firewall service (so we can successfully config winrm):
sc config mpssvc start= demand
sc start mpssvc
Configure winrm per chef recommendations:
winrm set winrm/config/winrs @{MaxMemoryPerShellMB="300"}
winrm set winrm/config @{MaxTimeoutms="1800000"}
winrm set winrm/config/service @{AllowUnencrypted="true"}
winrm set winrm/config/service/auth @{Basic="true"}
Stop the firewall service again:
sc stop mpssvc
... or configure it to allow to winrm connections from the workstation.
Now, on your workstation, validate the set up:
Validate that remote host is listening on default winrm port
telnet remote_host 5985
(If connection is successful, a blank telnet session will open. You can enter "quit" to exit it.)
Optionally validate that knife winrm can connect to the remote host (e.g. to list the c:\ directory)
knife winrm -m remote_host -x remote_user -P remote_password 'dir c:\'
Bootstrap the node
knife bootstrap windows winrm remote_host -x remote_user -P remote_password
Since you ask for an answer drawing from credible and/or official sources, here are the references I found useful when figuring out how to get winrm bootstrap to work:
http://docs.opscode.com/install_windows.html
http://docs.opscode.com/plugin_knife_windows.html
http://developer.rackspace.com/blog/step-by-step-walkthrough-to-using-chef-to-bootstrap-windows-nodes-on-the-rackspace-cloud.html
I have faced a similar issue. One of the reasons for this might be that your knife-windows gem is not installed in the expected location.
knife-windows resolves the target hostname; if it is not properly installed, knife winrm can't resolve the target name. So to overcome this, install knife-windows as below.
To install the knife windows plugin using RubyGems, run the following command:
$ /opt/chef/embedded/bin/gem install knife-windows
If properly installed, you should be able to find knife-windows at /opt/chef/embedded/lib/ruby/gems/1.9.1/gems/

Unable to bootstrap with winrm

When I run
knife bootstrap windows winrm <my ec2 fqdn> -x Administrator -P "<password>" -r "role[myrole]"
(my instance is inside a VPC and I have attached an EIP; in its place I gave both my private IP and public IP) I get:
ERROR: Batch render command returned
ERROR: Failed to authenticate to ["10.220.15.254"] as Administrator
Response: Bad HTTP response returned from server (401).
what should be my for windows instance.
You should configure Windows Remote Management in the server as described at http://docs.opscode.com/plugin_knife_windows.html
Your error is due to Basic Authentication not being enabled, you have to run the following command in the Windows machine before attempting the bootstrap:
winrm set winrm/config/service/auth @{Basic="true"}
If running it from PowerShell put the parameter in single quotes '@{Basic="true"}'
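Added example, not from any of the answers above, for the three knife/WinRM threads (the "actively refused" and "Connection refused" network errors and the 401): a workstation-side PowerShell function that separates name resolution, TCP reachability (security group or host firewall) and the WinRM listener/auth layer, so the right fix from the answers can be picked. The function name, the result fields and the hostname in the usage line are assumptions made for this example.

```powershell
# Added example, not from the answers above: a workstation-side check that
# separates the layers behind "Network Error: Connection refused" (TCP never
# connects: security group, host firewall or no listener) from "401" (TCP is fine
# but WinRM rejects the request: HTTP vs HTTPS listener, Basic auth, certificate).
# Needs Test-NetConnection (Windows 8.1 / 2012 R2 or later on the workstation).
function Test-WinRmPath {
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        [int]$Port = 5985,
        [switch]$UseSSL,
        [pscredential]$Credential
    )
    $r = [ordered]@{ Host = $ComputerName; Port = $Port; Dns = $false; Tcp = $false; WsMan = $false; Hint = '' }

    # Layer 1: name resolution (the "http://:5985" error above shows an empty host).
    try { [void][System.Net.Dns]::GetHostAddresses($ComputerName); $r.Dns = $true }
    catch { $r.Hint = 'Name does not resolve; check the FQDN/IP handed to knife.'; return [pscustomobject]$r }

    # Layer 2: TCP handshake. A refusal or timeout here is never an auth problem.
    $tcp = Test-NetConnection -ComputerName $ComputerName -Port $Port -WarningAction SilentlyContinue
    $r.Tcp = [bool]$tcp.TcpTestSucceeded
    if (-not $r.Tcp) {
        $r.Hint = "TCP $Port closed: check the AWS security group and the Windows firewall rule for this port."
        return [pscustomobject]$r
    }

    # Layer 3: WS-Management Identify. Without credentials this is anonymous and
    # proves the listener; with credentials it also exercises Basic auth, which
    # should only be sent over 5986/HTTPS (-UseSSL).
    $params = @{ ComputerName = $ComputerName; Port = $Port; ErrorAction = 'Stop' }
    if ($UseSSL) { $params.UseSSL = $true }
    if ($Credential) { $params.Credential = $Credential; $params.Authentication = 'Basic' }
    try {
        $id = Test-WSMan @params
        $r.WsMan = $true
        $r.Hint = "WinRM answering: $($id.ProductVendor) $($id.ProductVersion)"
    } catch {
        $r.Hint = "Port open but WS-Man failed: $($_.Exception.Message)"
    }
    return [pscustomobject]$r
}

# Usage with a constructed placeholder hostname; run the unauthenticated probe
# first, then repeat with -UseSSL -Port 5986 -Credential (Get-Credential).
Test-WinRmPath -ComputerName 'ec2-198-51-100-7.compute-1.amazonaws.com' | Format-List
```

A result with Tcp = false points at the security group or firewall answers above; Tcp = true with WsMan = false and a 401 points at the Basic-auth or listener configuration instead.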
