Administrator password not being retrieved on Windows 2008 R2 #192

Closed
dtmiller1976 opened this issue Sep 9, 2015 · 1 comment
@dtmiller1976

Hi folks. I'm trying to set up integration testing via EC2 on Windows 2008 R2 using Test Kitchen. I am able to start instances and they are being configured for plaintext WinRM access so I know the PowerShell script is executed via userdata. However, the password isn't being retrieved and all attempts to access the host via WinRM are using a nil password (which clearly won't work). When debugging, I see that the encrypted password is being retrieved but instead of decrypting it, it seems that Kitchen moves directly on to trying WinRM access. I wanted to add debug statements to kitchen-ec2 but I can't figure out how to do that, honestly. I'm using 0.10.0. Here's my .kitchen.yml:


```yaml
driver:
  name: ec2
  region: us-east-1
  retryable_tries: 120
  availability_zone: us-east-1c
  instance_type: m3.medium
  aws_ssh_key_id: DTM1

provisioner:
  name: chef_solo

platforms:
  - name: windows-2008r2
    driver:
      image_id: ami-3bd17a50

transport:
  username: adminstrator
  ssh_key: /home/build/ec2/DTM1.pem

suites:
  - name: default
    run_list:
    attributes:
```

The key file is readable and I can use it to SSH to hosts started with the key ID so I know it's valid. Here's what happens when I try to create an instance:

[build@ip-10-194-101-172 dtmtest2]$ kitchen create -l debug
-----> Starting Kitchen (v1.4.2)
D Winrm Transport requested, loading WinRM::Transport gem (~> 1.0)
D WinRM::Transport 1.0.2 library loaded
-----> Creating ...
If you are not using an account that qualifies under the AWS
free-tier, you may be charged to run these suites. The charge
should be minimal, but neither Test Kitchen nor its maintainers
are responsible for your incurred costs.

D Creating EC2 Instance..
Instance requested.
EC2 instance created.
Waited 0/600s for instance to become ready.
Waited 5/600s for instance to become ready.
Waited 10/600s for instance to become ready.

[abbreviated]

   Waited 190/600s for instance <i-f81dd52d> to become ready.
   Waited 195/600s for instance <i-f81dd52d> to become ready.

D Console output: ---
2015/09/09 03:57:51Z: EC2ConfigMonitorState: 0
2015/09/09 03:57:52Z: Windows sysprep configuration complete.
2015/09/09 03:57:54Z: AMI Origin Version: 2015.08.12
2015/09/09 03:57:54Z: AMI Origin Name: Windows_Server-2008-R2_SP1-English-64Bit-Base
2015/09/09 03:57:54Z: OS: Microsoft Windows NT 6.1.7601
2015/09/09 03:57:54Z: OsVersion: 6.1
2015/09/09 03:57:54Z: OsProductName: Windows Server 2008 R2 Datacenter
2015/09/09 03:57:54Z: OsBuildLabEx: 7601.23136.amd64fre.win7sp1_ldr.150715-0600
2015/09/09 03:57:54Z: Language: en-US
2015/09/09 03:57:54Z: EC2 Agent: Ec2Config service v3.8.294
2015/09/09 03:57:56Z: Message: Waiting for meta-data accessibility...
2015/09/09 03:57:56Z: Message: Meta-data is now available.
2015/09/09 03:57:57Z: Driver: Citrix PV Ethernet Adapter v5.9.960.49119
2015/09/09 03:57:57Z: Driver: Citrix PV SCSI Host Adapter v6.0.2.56921
2015/09/09 03:58:02Z: AMI-ID: ami-3bd17a50
2015/09/09 03:58:02Z: Instance-ID: i-f81dd52d
2015/09/09 03:58:09Z: Ec2SetPassword: Enabled
2015/09/09 03:58:17Z: RDPCERTIFICATE-SUBJECTNAME: WIN-RB05A1R9JJQ
2015/09/09 03:58:17Z: RDPCERTIFICATE-THUMBPRINT: 053AC3F07AE20A235109EF05CC1F9874F5AD2213
2015/09/09 03:58:28Z: Username: Administrator
2015/09/09 03:58:28Z: Password:
41E5FLzbmd6PuPBvvx770WeJgmpKMPSzzXfJfjAJmrj3KEnoQP0p4vqOzy6CX5sIBEkVazPm+THBgbjNa81pUZS7yq/g+T5RnEf02jEap7at/fL1NZu3lrcBZU3alKdi94cBn4XNhyypKdiFrmO5Gu3j7fTxs7hhIUR41rb+yV3ByKa0Q4UQeA6bUBSoNq8y2I0OzcBe5WKaVVkR/9jtJs22r04Pd7GYm57ay9UsWjp0TBb7dfOkY1Yx6IqoSSTmkjYBnlgoh4b50sfT3gWUXxLEhw0xOwj3wftRhEo88XgJ5TTBNLygvqJHPMbzz+KyF27hBJMwUbWXpoM4Ekg4Bg==

   Waited 200/600s for instance <i-f81dd52d> to become ready.

[That message then repeats for a while, until...]

2015/09/09 03:59:00Z: Message: Windows is Ready to use

   EC2 instance <i-f81dd52d> ready.

D [WinRM] opening remote shell on plaintext::http://ec2-54-146-227-158.compute-1.amazonaws.com:5985/wsman<{:disable_sspi=>true, :basic_auth_only=>true, :user=>"adminstrator", :pass=>nil}>
D [WinRM] connection failed (#<WinRM::WinRMAuthorizationError: WinRM::WinRMAuthorizationError>)
Waiting for WinRM service on http://ec2-54-146-227-158.compute-1.amazonaws.com:5985/wsman, retrying in 3 seconds
D [WinRM] opening remote shell on plaintext::http://ec2-54-146-227-158.compute-1.amazonaws.com:5985/wsman<{:disable_sspi=>true, :basic_auth_only=>true, :user=>"adminstrator", :pass=>nil}>
D [WinRM] connection failed (#<WinRM::WinRMAuthorizationError: WinRM::WinRMAuthorizationError>)
Waiting for WinRM service on http://ec2-54-146-227-158.compute-1.amazonaws.com:5985/wsman, retrying in 3 seconds

This continues until it times out. With a nil password, the WinRM requests are obviously going to fail.

I copied the encrypted password string and ran it through a quick script I found to decrypt given the key, and it worked. I then validated WinRM connectivity with a really simple Ruby script to make absolutely sure the password was correct and the machine was configured. This worked:

[build@ip-10-194-101-172 dev]$ cat check_winrm.rb
require 'winrm'
endpoint = 'http://ec2-54-146-227-158.compute-1.amazonaws.com:5985/wsman'
winrm = WinRM::WinRMWebService.new(endpoint, :plaintext, :user => 'administrator', :pass => 'PLAINTEXTPASSWORD', :basic_auth_only => true)
winrm.cmd('ipconfig /all') do |stdout, stderr|
  STDOUT.print stdout
  STDERR.print stderr
end

[build@ip-10-194-101-172 dev]$ ruby ./check_winrm.rb

Windows IP Configuration

Host Name . . . . . . . . . . . . : WIN-RB05A1R9JJQ
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No

[etc.]

So the instance is definitely available, the encrypted password retrieved is valid, it can be decrypted with the configured key, and WinRM is configured for remote access. I don't know where to go from here. I was hoping to add log messages to Kitchen but I can't figure out how to actually use the locally-modified version...

Any help would be much appreciated.

Thank you!

Damon
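The manual decryption step described in the post above can be reproduced as follows. This is an added example, not the script the poster used and not kitchen-ec2 code; it relies on EC2 Windows password data being the base64 encoding of an RSA PKCS#1 v1.5 ciphertext produced with the key pair's public key, and the names `decrypt_ec2_password` and `constructed_sample` are hypothetical.

```ruby
require 'openssl'
require 'base64'

# Decrypt EC2 Windows password data with the private half of the key pair.
# Returns the plaintext password, or nil when the data is empty (password not
# generated yet), is not valid base64, or decryption raises.
# Caveat: with a mismatched key, some OpenSSL builds raise while newer ones
# may return unrelated bytes instead, so a non-nil result is not proof that
# the key was the right one.
def decrypt_ec2_password(password_data, private_key_pem)
  blob = password_data.to_s.gsub(/\s+/, '') # console output may wrap the base64
  return nil if blob.empty?

  key = OpenSSL::PKey::RSA.new(private_key_pem)
  key.private_decrypt(Base64.strict_decode64(blob),
                      OpenSSL::PKey::RSA::PKCS1_PADDING)
rescue OpenSSL::PKey::PKeyError, ArgumentError
  nil
end

# Constructed sample: a throwaway key pair and password generated locally,
# standing in for the real key file and the "Password:" console output.
def constructed_sample
  key = OpenSSL::PKey::RSA.new(2048)
  wrapped = Base64.encode64(key.public_encrypt('Constructed-Passw0rd!'))
  { pem: key.to_pem, password_data: wrapped } # encode64 wraps at 60 chars
end

if __FILE__ == $PROGRAM_NAME
  sample = constructed_sample
  puts decrypt_ec2_password(sample[:password_data], sample[:pem])
end
```
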

@dtmiller1976
Author

False alarm here... Note this line in .kitchen.yml:

username: adminstrator

That's right...missing one 'i'. Classic. On the bright side, I now know that I can build a local gem and install that for testing!

Thanks,

Damon
