Jira (BOLT-1472) Automated Test WinRM with Kerberos (from Linux node)

9 views
Skip to first unread message

Ethan Brown (JIRA)

unread,
Jul 15, 2019, 12:40:04 PM7/15/19
to puppe...@googlegroups.com
Ethan Brown created an issue
 
Puppet Task Runner / Task BOLT-1472
Automated Test WinRM with Kerberos (from Linux node)
Issue Type: Task Task
Assignee: Unassigned
Components: WinRM
Created: 2019/07/15 9:39 AM
Labels: winrm kerberos
Priority: Normal Normal
Reporter: Ethan Brown

This has been spun off of the work in BOLT-126 for enabling Kerberos support.

 

In an effort to get the code merged to support the feature, this separate ticket exists for the sake of completing the work on testing in https://github.com/puppetlabs/bolt/pull/999

 

At a high level, this involves doing a few things:

 

  • Spinning up a new Samba container to host an Active Directory
  • Domain joining the existing OMI container to the AD 
  • Enabling OMI server to use Kerberos authentication
  • Configuring TravisCI to acquire a Kerberos ticket from AD, so that it can use Kerberos authentication to run PowerShell commands against OMI server
  • New tests to demonstrate the behavior functioning properly
Add Comment Add Comment
 
This message was sent by Atlassian JIRA (v7.7.1#77002-sha1:e75ca93)
Atlassian logo

Ethan Brown (JIRA)

unread,
Jul 15, 2019, 12:41:05 PM7/15/19
to puppe...@googlegroups.com
Ethan Brown updated an issue
Change By: Ethan Brown
Sprint: Bolt Ready for Grooming

Ethan Brown (JIRA)

unread,
Jul 17, 2019, 12:34:02 PM7/17/19
to puppe...@googlegroups.com
Ethan Brown assigned an issue to Ethan Brown
Change By: Ethan Brown
Assignee: Ethan Brown

Ethan Brown (JIRA)

unread,
Jul 17, 2019, 12:35:02 PM7/17/19
to puppe...@googlegroups.com
Ethan Brown updated an issue
Change By: Ethan Brown
Sprint: Bolt Ready for Grooming Kanban

Ethan Brown (JIRA)

unread,
Jul 18, 2019, 7:12:03 PM7/18/19
to puppe...@googlegroups.com
Ethan Brown commented on Task BOLT-1472
 
Re: Automated Test WinRM with Kerberos (from Linux node)

After setting all of this up, it's clear that there is a bug in the protocol negotiation between the WinRM gem and OMI server, rather than a misconfiguration of the server (given powershell itself can connect to OMI and use Kerberos authentication).

Therefore, I'd like to merge this setup with the pending tests, and have created 2 additional related tickets to capture the remaining work:

  • BOLT-1475 - Setup an OMI / Kerberos debugging environment inside a new container
  • BOLT-1476 - Resolve the winrm gem / OMI bug to be able to enable automated tests

 

Ethan Brown (JIRA)

unread,
Jul 22, 2019, 6:33:04 PM7/22/19
to puppe...@googlegroups.com
Ethan Brown assigned an issue to Lucy Wyman
 
Change By: Ethan Brown
Assignee: Ethan Brown Lucy Wyman
Reply all
Reply to author
Forward
0 new messages