|
HI Steven, If you take a look at the knife windows bootstrap subcommand, you’ll note that you can use an ssh gateway as a tunnel through which you can execute winrm commands;
that’s the kind of support I was thinking about for the knife winrm subcommand. Thanks for the pointer on the cookbook! I’ll probably throw something together to allow ssh tunnels and see if the opscode folks think it’s useful. Best James From: Steven Murawski [mailto:
The knife-windows plugin allows you to bootstrap Windows nodes via WinRM or via SSH. If you are using SSH as the transport, you can use an SSH gateway, but if you are using
WinRM to bootstrap there is not such an option. The same story exists for executing commands via WinRM through knife. If you'd like to submit a pull request to add support for a WinRM gateway (which is possible, just not a common scenario in my experience), the project is https://github.com/opscode/knife-windows and
is under active development. One downside of a WinRM gateway is if you might have to inject a username and password into the remote session, possibly exposing that password in memory in that process. If you have Kerberos delegation configured from the trusted
gateway to the target node, that may be avoidable, but otherwise you might hit second-hop issues with the security context of the WinRM session. Steve -- Steven Murawski Community Software Development Engineer @ Chef Microsoft MVP - PowerShell On January 9, 2015 at 10:30:56 AM, James Harrison (
">
) wrote:
|
Archive powered by MHonArc 2.6.16.