search

WinRb / WinRM

Ruby library for Windows Remote Management
Apache License 2.0
412 stars 117 forks source link

500 returned in cleanup with error: Bad HTTP response returned from server. Body(if present): (500) #321

Closed lmayorga1980 closed 3 years ago

lmayorga1980 commented 3 years ago

I am running kitchen-ec2 which has a dependency on WinRM Ruby gem. I am having some issues trying to run kitchen converge with the following error

https://github.com/WinRb/WinRM/blob/122733270a9e6c69b6db47d66e8deafad1e3f09d/lib/winrm/shells/base.rb#L149-L164

error

SUCCESS: Specified value was saved.
D      [WinRM] Waiting for output...
D      [WinRM] cleaning up command_id: 997FA0BF-563D-4CB5-B979-E33F37059BE1 on shell_id EA5EAF43-18DF-4E96-B68B-AD3C177D2F7A
       [WinRM] 500 returned in cleanup with error: Bad HTTP response returned from server. Body(if present): (500).
D      Cleaning up local sandbox in /tmp/default-windows-2019-sandbox-20210115-866-6nucwm
>>>>>> ------Exception-------
>>>>>> Class: Kitchen::ActionFailed
>>>>>> Message: 1 actions failed.
>>>>>>     Failed to complete #converge action: [Bad HTTP response returned from server. Body(if present): (500).] on default-windows-2019

This happens from time to time on a t2.xlarge instance with the following user_data.ps1

<powershell>

write-output "Running User Data Script"
write-host "(host) Running User Data Script"

# Remove HTTP listener
Remove-Item -Path WSMan:\Localhost\listener\listener* -Recurse

$Cert = New-SelfSignedCertificate -CertstoreLocation Cert:\LocalMachine\My -DnsName "packer"
New-Item -Path WSMan:\LocalHost\Listener -Transport HTTPS -Address * -CertificateThumbPrint $Cert.Thumbprint -Force

# WinRM
echo "Starting up WinRm setup"
write-output "Setting up WinRM"
write-host "(host) setting up WinRM"

cmd.exe /c winrm quickconfig -q
cmd.exe /c winrm set "winrm/config" '@{MaxTimeoutms="1800000"}'
cmd.exe /c winrm set "winrm/config/winrs" '@{MaxMemoryPerShellMB="1024"}'
cmd.exe /c winrm set "winrm/config/service" '@{AllowUnencrypted="true"}'
cmd.exe /c winrm set "winrm/config/client" '@{AllowUnencrypted="true"}'
cmd.exe /c winrm set "winrm/config/service/auth" '@{Basic="true"}'
cmd.exe /c winrm set "winrm/config/client/auth" '@{Basic="true"}'
cmd.exe /c winrm set "winrm/config/service/auth" '@{CredSSP="true"}'
cmd.exe /c winrm set "winrm/config/listener?Address=*+Transport=HTTPS" "@{Port=`"5986`";Hostname=`"packer`";CertificateThumbprint=`"$($Cert.Thumbprint)`"}"
cmd.exe /c netsh advfirewall firewall set rule group="remote administration" new enable=yes
cmd.exe /c netsh advfirewall firewall add rule name="ICMP Allow incoming V4 echo request" protocol=icmpv4:8,any dir=in action=allow
cmd.exe /c netsh firewall add portopening TCP 5986 "Port 5986"
cmd.exe /c net stop winrm
cmd.exe /c sc config winrm start= auto
cmd.exe /c net start winrm
echo "Completed WinRm setup"
</powershell>

Are there any missing configuration on WinRM for Windows 2019.

mwrock commented 3 years ago

My guess is that you are "over configuring" winrm. I think the key problem is where you start and stop winrm at the end of your user_data script. What often happens in this scenario is kitchen-ec2 sees that winrm is responding and and starts sending commands. Windows 2019 enables winrm by default. So by the time user_data gets to cmd.exe /c net stop winrm, kitchen-ec2 is likely already running a command and stopping it here will cause the above error.

The following lines are definitely not needed on windows 2019 and a recent version of test-kitchen (within the last few years):

cmd.exe /c winrm quickconfig -q

cmd.exe /c winrm set "winrm/config/winrs" '@{MaxMemoryPerShellMB="1024"}'
cmd.exe /c winrm set "winrm/config/service" '@{AllowUnencrypted="true"}'
cmd.exe /c winrm set "winrm/config/client" '@{AllowUnencrypted="true"}'
cmd.exe /c winrm set "winrm/config/service/auth" '@{Basic="true"}'
cmd.exe /c winrm set "winrm/config/client/auth" '@{Basic="true"}'

cmd.exe /c sc config winrm start= auto

The CredSSP config might also be unnecessary but you should experiment with that. I'm also not sure if adding the cert to the HTTPS endpoint requires a restart. If you can avoid the restart, then great but if you really need it, I would stop winrm at the very beginning of the user_data.ps1 script and then start it at the very end so that kitchen-ec2 does not connect until user_data completes.

lmayorga1980 commented 3 years ago

The following worked out for me 

<powershell>

#Create Kitchen Administrator User

cmd /c net user kitchen *** /add /y
cmd /c 'wmic UserAccount where Name="kitchen" set PasswordExpires=False'
cmd /c net localgroup administrators kitchen /add

Invoke-WebRequest -Uri https://raw.githubusercontent.com/ansible/ansible/devel/examples/scripts/ConfigureRemotingForAnsible.ps1 -OutFile ConfigureRemotingForAnsible.ps1
Powershell -ExecutionPolicy RemoteSigned .\ConfigureRemotingForAnsible.ps1

</powershell>