Merge "Add winrm certificate handling"
This commit is contained in:
commit
2c395d90af
|
@ -499,6 +499,21 @@ The following sections of ``zuul.conf`` are used by the executor:
|
|||
|
||||
SSH private key file to be used when logging into worker nodes.
|
||||
|
||||
.. attr:: winrm_cert_key_file
|
||||
:default: ~/.winrm/winrm_client_cert.key
|
||||
|
||||
The private key file of the client certificate to use for winrm
|
||||
connections to Windows nodes.
|
||||
|
||||
.. attr:: winrm_cert_pem_file
|
||||
:default: ~/.winrm/winrm_client_cert.pem
|
||||
|
||||
The certificate file of the client certificate to use for winrm
|
||||
connections to Windows nodes.
|
||||
|
||||
.. note:: Currently certificate verification is disabled when
|
||||
connecting to Windows nodes via winrm.
|
||||
|
||||
.. _admin_sitewide_variables:
|
||||
|
||||
.. attr:: variables
|
||||
|
|
|
@ -0,0 +1,5 @@
|
|||
---
|
||||
features:
|
||||
- |
|
||||
Client certificate locations to be used by winrm connections can be
|
||||
configured now.
|
|
@ -634,6 +634,12 @@ class AnsibleJob(object):
|
|||
self.private_key_file = get_default(self.executor_server.config,
|
||||
'executor', 'private_key_file',
|
||||
'~/.ssh/id_rsa')
|
||||
self.winrm_key_file = get_default(self.executor_server.config,
|
||||
'executor', 'winrm_cert_key_file',
|
||||
'~/.winrm/winrm_client_cert.key')
|
||||
self.winrm_pem_file = get_default(self.executor_server.config,
|
||||
'executor', 'winrm_cert_pem_file',
|
||||
'~/.winrm/winrm_client_cert.pem')
|
||||
self.ssh_agent = SshAgent()
|
||||
|
||||
self.executor_variables_file = None
|
||||
|
@ -1071,6 +1077,18 @@ class AnsibleJob(object):
|
|||
connection_type = node.get('connection_type')
|
||||
if connection_type:
|
||||
host_vars['ansible_connection'] = connection_type
|
||||
if connection_type == "winrm":
|
||||
host_vars['ansible_winrm_transport'] = 'certificate'
|
||||
host_vars['ansible_winrm_cert_pem'] = \
|
||||
self.winrm_pem_file
|
||||
host_vars['ansible_winrm_cert_key_pem'] = \
|
||||
self.winrm_key_file
|
||||
# NOTE(tobiash): This is necessary when using default
|
||||
# winrm self-signed certificates. This is probably what
|
||||
# most installations want so hard code this here for
|
||||
# now.
|
||||
host_vars['ansible_winrm_server_cert_validation'] = \
|
||||
'ignore'
|
||||
|
||||
host_keys = []
|
||||
for key in node.get('host_keys'):
|
||||
|
|
Loading…
Reference in New Issue