salt-cloud and winrm failing


Ben Sherman

Jun 14, 2016, 6:40:29 PM
to Salt-users
Hi all,

I'm using salt-cloud to deploy and configure windows and linux instances in aws/ec2.  I've been struggling with salt-cloud and the switch from winexe to winrm.  Windows 2012r2 no longer supports SMB used by winexe, and I'm trying to get winrm working in its place.

I've solved the problems of getting pywinrm installed, and opened an issue with a bad method call in cloud.py (https://github.com/saltstack/salt/issues/34008).

Now I'm stuck on SSL.  I'm looking at the docs at https://docs.saltstack.com/en/latest/topics/cloud/windows.html.  I've used the example script to get winrm bootstrapped, and now I'm running into SSL errors.  In that document, the following text appears after the firewall script:

"No certificate store is available by default on EC2 images and creating one does not seem possible without an MMC (cannot be automated). To use the default EC2 Windows images the above copies the RDP store."

I'm new at windows and cert management, but can someone help me parse that line?  The powershell script that precedes it turns on winrm, opens firewall ports and creates SSL certs, but I don't know how to get them, or what to do with them to get salt-cloud to connect with SSL.  Right now, I'm getting the error below.  If I use winrm and connect outside of salt-cloud, I need to use the "server_cert_validation='ignore'" option in the connection settings.

[ERROR   ] There was a profile error: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:765)
Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/salt/cloud/cli.py", line 284, in run
    self.config.get('names')
  File "/usr/lib/python2.7/site-packages/salt/cloud/__init__.py", line 1446, in run_profile
    ret[name] = self.create(vm_)
  File "/usr/lib/python2.7/site-packages/salt/cloud/__init__.py", line 1281, in create
    output = self.clouds[func](vm_)
  File "/usr/lib/python2.7/site-packages/salt/cloud/clouds/ec2.py", line 2546, in create
    vm_, data, ip_address, display_ssh_output
  File "/usr/lib/python2.7/site-packages/salt/cloud/clouds/ec2.py", line 2241, in wait_for_instance
    timeout=ssh_connect_timeout):
  File "/usr/lib/python2.7/site-packages/salt/utils/cloud.py", line 838, in wait_for_winrm
    r = s.run_cmd('sc query winrm')
  File "/usr/lib/python2.7/site-packages/winrm/__init__.py", line 37, in run_cmd
    shell_id = self.protocol.open_shell()
  File "/usr/lib/python2.7/site-packages/winrm/protocol.py", line 132, in open_shell
    res = self.send_message(xmltodict.unparse(req))
  File "/usr/lib/python2.7/site-packages/winrm/protocol.py", line 207, in send_message
    return self.transport.send_message(message)
  File "/usr/lib/python2.7/site-packages/winrm/transport.py", line 173, in send_message
    response = self.session.send(prepared_request, timeout=self.read_timeout_sec)
  File "/usr/lib/python2.7/site-packages/requests/sessions.py", line 585, in send
    r = adapter.send(request, **kwargs)
  File "/usr/lib/python2.7/site-packages/requests/adapters.py", line 477, in send
    raise SSLError(e, request=request)
SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:765)