Powershell winrm client is now opensource for Linux
1,958 views
Skip to first unread message
Espen Blikstad
May 18, 2017, 5:10:48 AM5/18/17
to rundeck-discuss
Hi
Microsoft has open sourced PowerShell Core and they have a working winrm client for Linux which may be used in Rundeck.
https://github.com/PowerShell/PowerShell/issues/3046Has anybody looked into this ?
I'm using winrs.exe for executing Windows scripts and it has some limitations. Native PowerShell would be awesome. No need for script file copying. Script is embedded.
Winrm supports reconnect and is implemented on a HTTP transport which is also a great thing.
Regards,
Espen Blikstad
Alex Honor
May 18, 2017, 11:13:15 AM5/18/17
to rundeck...@googlegroups.com
Hi Espen,
Looks promising. Have you tried creating a NodeExecutor or NodeStep plugin that wraps it?
Thanks
--
You received this message because you are subscribed to the Google Groups "rundeck-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rundeck-discuss+unsubscribe@googlegroups.com.
To post to this group, send email to rundeck-discuss@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/rundeck-discuss/0874c6bc-3890-4904-97b3-3e0a74e8536b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Alex Honor
[Rundeck | a...@rundeck.com ]
Espen Blikstad
Jun 23, 2017, 1:09:58 PM6/23/17
to rundeck-discuss
Not yet, I'm looking into that during the summer. I'm not sure how much work it is.
Espen
On Thursday, May 18, 2017 at 5:13:15 PM UTC+2, Alex Honor wrote:
Hi Espen,Looks promising. Have you tried creating a NodeExecutor or NodeStep plugin that wraps it?Thanks
On Thu, May 18, 2017 at 2:10 AM, Espen Blikstad <espen.b...@gmail.com> wrote:
HiMicrosoft has open sourced PowerShell Core and they have a working winrm client for Linux which may be used in Rundeck.https://github.com/PowerShell/PowerShell/issues/3046Has anybody looked into this ?I'm using winrs.exe for executing Windows scripts and it has some limitations. Native PowerShell would be awesome. No need for script file copying. Script is embedded.Winrm supports reconnect and is implemented on a HTTP transport which is also a great thing.Regards,Espen Blikstad
--
You received this message because you are subscribed to the Google Groups "rundeck-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rundeck-discu...@googlegroups.com.
To post to this group, send email to rundeck...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/rundeck-discuss/0874c6bc-3890-4904-97b3-3e0a74e8536b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Espen Blikstad
Jun 27, 2017, 4:51:26 AM6/27/17
to rundeck-discuss
PowerShellCore 6.0 Beta 3 installed on Ubuntu 16.04 connects to Windows 10 using basic authentication (cleartext).
Microsoft opensource PowerShell for Linux does not support CredSSP. I'm not sure if they are going to support it, but it's essential.
Ansible uses another library, pywinrm which do support CredSSP.
A rewrite of pywinrm to Java would be really great. I'll have to look at their sourcecode.
Espen
Espen Blikstad
Jul 4, 2017, 11:29:05 AM7/4/17
to rundeck-discuss
The Python script works indeed, but I found a Java libary which does the same. Apache HTTP client library has implemented the CredSSP authentication scheme.
I will test this library and check if it supports CredSSP.
Espen
Espen Blikstad
Jul 5, 2017, 9:53:23 AM7/5/17
to rundeck-discuss
The winrm4j uses the full blown Apache web service framework and it's very bloated. Executing a single command takes 5-6 seconds and it's useless for real time operations. It may be faster for consecutive executions, but I'm not sure that is possible with Rundeck plugins.
Probably the best compromise would be a new library only using the Apache http client and writing static XML for soap web service calls.
Giordano Bianchi
Jul 14, 2017, 11:07:20 AM7/14/17
to rundeck-discuss
Hi guys,
I think you might be interested in this simple rundeck plugin that I have developed for a work-related project. It natively implements Powershell on Linux.
Once the NTLM/CredSSP support for Powershell on Linux is completed (I have actually gotten it to work but not reliably enough) it should enable Rundeck on Linux to be able to invoke commands *securely* to Windows hosts.
Please take a look at the project and let me know if you have any issues.
Giordano
Alex Honor
Jul 14, 2017, 5:33:28 PM7/14/17
to rundeck-discuss
Hi Giordano,
I know many Rundeck users are interested in this solution. As you pointed out, CredSSP seems to be a quite common requirement, too (as is SSL, Kerberos).
Thanks
Giordano Bianchi
Jul 16, 2017, 9:56:19 AM7/16/17
to rundeck-discuss
Hi Alex,
Just as an update, if anyone is interested I was able to get the Negotiate/NTLM authentication to work on Powershell for Linux (beta4) by installing the following additional packages on Centos 7:
- krb5-workstation
- krb5-devel
- gssntlmssp (you need to have epel-release installed first)
- powershell
This means that my rundeck plugin can now securely connect to Windows machines using domain accounts.
Luis Toledo
Aug 3, 2017, 6:06:13 PM8/3/17
to rundeck-discuss
Hi Giordano,
I have a question, the Powershell for Linux (beta4) doesn't work with Kerberos and CredSSP , right?
I was able to check that Kerberos doesn't work ( I got a MI_RESULT_ACCESS_DENIED error ,like this issue https://github.com/PowerShell/PowerShell/issues/3708 )
But I haven't tried the CredSSP yet.
Thanks in advance
Luis
Giordano Bianchi
Aug 17, 2017, 4:39:28 AM8/17/17
to rundeck-discuss
I haven't tried Kerberos but Negotiate/NTLM works fine for me.
Reply all
Reply to author
Forward
0 new messages