
Add winrm certificate handling

When using the winrm connection we need to specify the certificates to
be used for the connection. This is the last missing part needed to
actually be able to connect to Windows nodes.

Change-Id: I8db0df4fa7a32598b8c581e67254a0849915b910
Co-Authored-By: Bernhard Zumbusch <bernhard.zumbusch@bmw.de>
changes/17/535717/3
Tobias Henkel 4 years ago
parent
commit
e2de74033b
No known key found for this signature in database GPG Key ID: 3750DEC158E5FA2
3 changed files with 38 additions and 0 deletions
  1. +15
    -0
      doc/source/admin/components.rst
  2. +5
    -0
      releasenotes/notes/winrm-af968bf3269c25d9.yaml
  3. +18
    -0
      zuul/executor/server.py

+ 15
- 0
doc/source/admin/components.rst View File

@ -486,6 +486,21 @@ The following sections of ``zuul.conf`` are used by the executor:
SSH private key file to be used when logging into worker nodes.
.. attr:: winrm_cert_key_file
:default: ~/.winrm/winrm_client_cert.key
The private key file of the client certificate to use for winrm
connections to Windows nodes.
.. attr:: winrm_cert_pem_file
:default: ~/.winrm/winrm_client_cert.pem
The certificate file of the client certificate to use for winrm
connections to Windows nodes.
.. note:: Currently certificate verification is disabled when
connecting to Windows nodes via winrm.
.. _admin_sitewide_variables:
.. attr:: variables


+ 5
- 0
releasenotes/notes/winrm-af968bf3269c25d9.yaml View File

@ -0,0 +1,5 @@
---
features:
- |
Client certificate locations to be used by winrm connections can be
configured now.

+ 18
- 0
zuul/executor/server.py View File

@ -587,6 +587,12 @@ class AnsibleJob(object):
self.private_key_file = get_default(self.executor_server.config,
'executor', 'private_key_file',
'~/.ssh/id_rsa')
self.winrm_key_file = get_default(self.executor_server.config,
'executor', 'winrm_cert_key_file',
'~/.winrm/winrm_client_cert.key')
self.winrm_pem_file = get_default(self.executor_server.config,
'executor', 'winrm_cert_pem_file',
'~/.winrm/winrm_client_cert.pem')
self.ssh_agent = SshAgent()
self.executor_variables_file = None
@ -1007,6 +1013,18 @@ class AnsibleJob(object):
connection_type = node.get('connection_type')
if connection_type:
host_vars['ansible_connection'] = connection_type
if connection_type == "winrm":
host_vars['ansible_winrm_transport'] = 'certificate'
host_vars['ansible_winrm_cert_pem'] = \
self.winrm_pem_file
host_vars['ansible_winrm_cert_key_pem'] = \
self.winrm_key_file
# NOTE(tobiash): This is necessary when using default
# winrm self-signed certificates. This is probably what
# most installations want so hard code this here for
# now.
host_vars['ansible_winrm_server_cert_validation'] = \
'ignore'
host_keys = []
for key in node.get('host_keys'):
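Review bot: In the second hunk `ansible_winrm_server_cert_validation` is hard-coded to `'ignore'` for every winrm node, so the executor presents its client certificate but never verifies the identity of the Windows host, and a site with properly issued server certificates has no way to turn verification on. I would read the value in the first hunk next to the two new settings, for example `self.winrm_server_cert_validation = get_default(self.executor_server.config, 'executor', 'winrm_server_cert_validation', 'ignore')` (the option name is only a suggestion), assign that attribute in `host_vars`, and document `validate` as the recommended value once real certificates are deployed. Separately, the `~/.winrm/...` defaults are written into `host_vars` exactly as `get_default` returns them; `get_default` is not visible here, so it is worth confirming that the path is user-expanded before Ansible opens the files. Both hunks sit inside `AnsibleJob` methods that start and end outside the visible lines.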

