Add winrm certificate handling
When using the winrm connection we need to specify the certificates to be used for the connection. This is the last missing part to really being able to connect to windows nodes. Change-Id: I8db0df4fa7a32598b8c581e67254a0849915b910 Co-Authored-By: Bernhard Zumbusch <bernhard.zumbusch@bmw.de>
parent
f40feca5bb
commit
e2de74033b
|
@ -486,6 +486,21 @@ The following sections of ``zuul.conf`` are used by the executor:
|
||||||
|
|
||||||
SSH private key file to be used when logging into worker nodes.
|
SSH private key file to be used when logging into worker nodes.
|
||||||
|
|
||||||
|
.. attr:: winrm_cert_key_file
|
||||||
|
:default: ~/.winrm/winrm_client_cert.key
|
||||||
|
|
||||||
|
The private key file of the client certificate to use for winrm
|
||||||
|
connections to Windows nodes.
|
||||||
|
|
||||||
|
.. attr:: winrm_cert_pem_file
|
||||||
|
:default: ~/.winrm/winrm_client_cert.pem
|
||||||
|
|
||||||
|
The certificate file of the client certificate to use for winrm
|
||||||
|
connections to Windows nodes.
|
||||||
|
|
||||||
|
.. note:: Currently certificate verification is disabled when
|
||||||
|
connecting to Windows nodes via winrm.
|
||||||
|
|
||||||
.. _admin_sitewide_variables:
|
.. _admin_sitewide_variables:
|
||||||
|
|
||||||
.. attr:: variables
|
.. attr:: variables
|
||||||
|
|
|
@ -0,0 +1,5 @@
|
||||||
|
---
|
||||||
|
features:
|
||||||
|
- |
|
||||||
|
Client certificate locations to be used by winrm connections can be
|
||||||
|
configured now.
|
|
@ -587,6 +587,12 @@ class AnsibleJob(object):
|
||||||
self.private_key_file = get_default(self.executor_server.config,
|
self.private_key_file = get_default(self.executor_server.config,
|
||||||
'executor', 'private_key_file',
|
'executor', 'private_key_file',
|
||||||
'~/.ssh/id_rsa')
|
'~/.ssh/id_rsa')
|
||||||
|
self.winrm_key_file = get_default(self.executor_server.config,
|
||||||
|
'executor', 'winrm_cert_key_file',
|
||||||
|
'~/.winrm/winrm_client_cert.key')
|
||||||
|
self.winrm_pem_file = get_default(self.executor_server.config,
|
||||||
|
'executor', 'winrm_cert_pem_file',
|
||||||
|
'~/.winrm/winrm_client_cert.pem')
|
||||||
self.ssh_agent = SshAgent()
|
self.ssh_agent = SshAgent()
|
||||||
|
|
||||||
self.executor_variables_file = None
|
self.executor_variables_file = None
|
||||||
|
@ -1007,6 +1013,18 @@ class AnsibleJob(object):
|
||||||
connection_type = node.get('connection_type')
|
connection_type = node.get('connection_type')
|
||||||
if connection_type:
|
if connection_type:
|
||||||
host_vars['ansible_connection'] = connection_type
|
host_vars['ansible_connection'] = connection_type
|
||||||
|
if connection_type == "winrm":
|
||||||
|
host_vars['ansible_winrm_transport'] = 'certificate'
|
||||||
|
host_vars['ansible_winrm_cert_pem'] = \
|
||||||
|
self.winrm_pem_file
|
||||||
|
host_vars['ansible_winrm_cert_key_pem'] = \
|
||||||
|
self.winrm_key_file
|
||||||
|
# NOTE(tobiash): This is necessary when using default
|
||||||
|
# winrm self-signed certificates. This is probably what
|
||||||
|
# most installations want so hard code this here for
|
||||||
|
# now.
|
||||||
|
host_vars['ansible_winrm_server_cert_validation'] = \
|
||||||
|
'ignore'
|
||||||
|
|
||||||
host_keys = []
|
host_keys = []
|
||||||
for key in node.get('host_keys'):
|
for key in node.get('host_keys'):
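Review bot: The second hunk hard-codes `host_vars['ansible_winrm_server_cert_validation'] = 'ignore'` for every winrm node, so the executor never authenticates the Windows host it connects to, and a host on the network path could impersonate a node and receive the job's content and variables. Client-certificate authentication does not compensate for this, because it only proves the executor's identity to the server. Consider reading the value from the `executor` section alongside the two options added in the first hunk, for example `self.winrm_cert_validation = get_default(self.executor_server.config, 'executor', 'winrm_server_cert_validation', 'ignore')` (the option name is only a suggestion), and assigning that here so deployments with CA-issued certificates can set `validate`. Both hunks sit inside AnsibleJob methods whose start and end are outside the visible lines.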
|
||||||
|
|