(GH-1535) Create container infrastructure for WinRM testing #7
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
lucywyman
force-pushed
the
GH-1535
branch
7 times, most recently
from
e500e06
to
592024a
Compare
This adds documentation for installing Bolt on MacOS 10.15. Related PRs: - [x] [ci-job-configs](https://github.com/puppetlabs/ci-job-configs/pull/6834) - [x] [bolt-vanagon](puppetlabs/bolt-vanagon#133) Closes puppetlabs#1445
(puppetlabsGH-1445) Package Bolt for MacOS 10.15
lucywyman
force-pushed
the
GH-1535
branch
12 times, most recently
from
399fa48
to
ed0394c
Compare
This modifies the infrastructure used to test WinRM connections to test against a running container as opposed to connecting back to the virtual machine itself. This changes how we provision the Github Actions environment, now using docker-compose to bring up two Windows server 2019 containers - one with the Puppet Agent ruby taking precedence, and one with Windows ruby taking precedence. The containers have the same username and password as Linux container infrastructure, and connect over winrm without SSL. WinRM has 5 authentication methods by default, with the default non-SSL authentication method being 'negotiate'. Negotiate determine whether to use Kerberos or NTLM for authentication, preferring Kerberos. Previous Bolt testing setups seem to have fallen back to using NTLM, or otherwise been configured to allow user-password authentication (possibly through Group Policies). However the default for the Windows Server 2019 container is to attempt Kerberos, which fails. As such the WinRM connection must specify the `basic` auth method in order to use user-pasword authentication between the the GH Action environment and the containers. This is possible using the WinRM ruby gem, but not something we want to expose to users. As such we specify the appropriate settings when connecting to WinRM, wrapped in an environment variable set when testing Bolt in CI.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This creates a Windows container in the Github Actions Windows testing
environment to run WinRM and windows-based tests against. This allows us
to test actual WinRM connections rather than having the GH Action
environment connect to itself.
Additionally, it removes unnecessary steps from our GH Action workflows,
as Docker and docker-compose are already installed in GH Action
environments.