Open gildegoma opened 5 years ago
I would go with ssh only. It should not be any problem to install the latest openssh version on a windows host. And PowerShell core. So also the pwsh Subsystem could be used. And openssh is not only available for windows server 2019, but also works fine with server 2012r2 and 2016 (I'm using that for automated image creation using packer over here.)
Everything that is required to use it:
$env:ProgramData/ssh/sshd_config
Port 22
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication yes
PubkeyAuthentication yes
Subsystem sftp sftp-server.exe
Subsystem powershell pwsh.exe -sshs -NoLogo -NoProfile
HKLM:\SOFTWARE\OpenSSH\DefaultShell
= 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe'New-NetFirewallRule -Name 'sshd' -DisplayName 'OpenSSH Server (sshd)' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22
Set-Service -Name 'sshd' -StartupType Automatic
Set-Service -Name 'ssh-agent' -StartupType Automatic
@agowa338 Thank you for your feedback, very much apprecidated. Do you have any public Packer resources to recommend (I'd like to take a little time - but as little as possible - to play with this) ?. Thank you again :blue_heart: :+1:
Sadly I cannot publish my packer scripts, as I wrote them for work, but you can take the steps outlined above and there are other public packer scripts. But they had some problems in our environment, so I rewrote most of it.
Basically all you have to do is patch the sysprep script so that the above script is called and put it onto the floppy image. Sadly, the windows-update provisioner only supports winrm in a horrible fashion, so I disable whole winrm security call it and afterwards I have a script that resets it to default. Anyway, just have a look at some windows packer scripts you find on github and if you encounter any problem when using it with ssh, I'm happy to assist you putting it together, but I currently don't have enough time to redo the whole thing so that I can publish it...
For SSH you only need to do the subsystem/sshd_config work if you want to use PSRP over SSH which is not what happens in pure SSH commands. That's purely so PSCore installs on Linux can do Invoke-Command
or Enter-PSSession
to a Windows host over SSH. If you are just executing commands over an SSH connection then it isn't needed at all.
If you are talking about Ansible + Windows + SSH, you would need to use Ansible 2.8 which is the upcoming release. Previous versions of Ansible won't work for SSH with Windows and even then this is an experimental feature that could change anytime in the future. Not something you want to try and stabilise around. See for details around the implementation and the docs that were added for 2.8 https://github.com/ansible/ansible/pull/47732.
Using ansible_connection: winrm
is definitely the most stable, psrp
is close behind but not as thourouhly tested but should work in most cases. In the end this should be done to the end user to specify and I'm not sure where the problem is from an Ansible + Vagrant perspective on Windows. The only outstanding issue is to create a new release of pywinrm to solve the cert validation issue and I'm trying to follow that up. This could also be potentially solved in Vagrant itself to have that env var that forces the validation to not apply but I'm not sure where that is being defined.
Packer on the other hand has a few problems that make things difficult but I'm successfully using Vagrant + Ansible + Windows right now.
This "Feature Request/Brainstorming" issue is raised after receiving some support issues that prove the difficulty to figure out the "most efficient/correct" way to configure Vagrant to provision a Windows machine with fast-evolving Ansible capabilities and Windows-Remoting moving target.
First, I'd like to gather in this thread community feedbacks and perspectives, in order to establish a long-term roadmap for the future developments on the Vagrant side (e.g. add support for
psrp
connection mode, or recommend OpenSSH-everywhere as of Windows Server 2019,...).Vagrant version
Any version since 1.8.0 release (when WinRM support was added to the Ansible provisioner).
Host operating system
N/A
Guest operating system
Any recent Windows (Server) Release that supports one or more of following Remoting Management Interfaces:
References