mitchellh / vagrant-aws

Use Vagrant to manage your EC2 and VPC instances.
MIT License

ISSUE #423: Support using EC2-generated password as the WinRM password #433

Open rafd123 opened 8 years ago

rafd123 commented 8 years ago

Adds a winrm_info provider capability to support using the EC2 GetPasswordData API as a means of getting the WinRM password.

If the winrm.password is set to :aws, go fetch the AWS password data for the machine, decrypt it with the user-specified private key, and set it as the winrm.password.
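The decryption step this capability relies on, as an added example that is not vagrant-aws code: EC2's GetPasswordData returns the Administrator password RSA-encrypted (PKCS#1 v1.5) with the public half of the instance's key pair and base64-encoded, so only the holder of the private key named by `config.ssh.private_key_path` can recover it locally. The key pair, password and `fake_get_password_data` stand-in for the EC2 API are constructed for the example.

```ruby
require 'openssl'
require 'base64'

# Decrypt the blob returned by EC2 GetPasswordData using the key pair's
# private half (the file vagrant-aws reads from config.ssh.private_key_path).
# Returns nil while EC2 has not yet produced a password for the instance.
def decrypt_ec2_password_data(password_data_b64, private_key_pem)
  blob = password_data_b64.to_s.strip
  # EC2 returns an empty PasswordData until the instance has booted and
  # generated the password; callers should poll rather than fail hard.
  return nil if blob.empty?

  key = OpenSSL::PKey::RSA.new(private_key_pem)
  # EC2 uses RSA PKCS#1 v1.5 padding; a wrong key raises OpenSSL::PKey::RSAError.
  key.private_decrypt(Base64.decode64(blob), OpenSSL::PKey::RSA::PKCS1_PADDING)
end

# --- constructed fixture standing in for the real EC2 API response ---
# A throwaway key pair and a made-up password; a real run would use
# ~/mykeypair.pem and the PasswordData field from GetPasswordData.
SAMPLE_KEY = OpenSSL::PKey::RSA.new(2048)
SAMPLE_PASSWORD = 'Ex4mple-P@ssw0rd'

# Mimics what EC2 does server-side: encrypt the generated password with
# the public half of the key pair the instance was launched with.
def fake_get_password_data(password, key)
  Base64.strict_encode64(
    key.public_key.public_encrypt(password, OpenSSL::PKey::RSA::PKCS1_PADDING)
  )
end

# Round trip: "fetch" the encrypted blob, then decrypt it with the private key.
def demo
  blob = fake_get_password_data(SAMPLE_PASSWORD, SAMPLE_KEY)
  decrypt_ec2_password_data(blob, SAMPLE_KEY.to_pem)
end

puts demo if __FILE__ == $PROGRAM_NAME
```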

rtyler commented 8 years ago

@rafd123 I have no means of verifying that this works; are there any tests you could write or incorporate for this?

rafd123 commented 8 years ago

The easiest way to verify that this works is to specify a Windows AMI and enable WinRM via UserData. You then use the Vagrant WinRM communicator as advertised...the exception being that you specify :aws for the WinRM password; the end result is that the Vagrant WinRM communicator should be able to authenticate without knowing the EC2-generated admin password up front.

To create a test for this means creating an integration test that actually spins up an instance. I didn't see any of these in the code base. If you could point me to an integration test suite that the core team uses to validate vagrant-aws, I'd be more than happy to write a test.

Alternatively, I can create an example box that can be used for smoke testing.

LMK

rafd123 commented 8 years ago

FWIW I've updated the README in the PR to include a more complete example on how to get this to work.

Here's the Vagrantfile I used to test this:

```ruby
Vagrant.configure("2") do |config|
  config.vm.box = "dummy"
  config.vm.synced_folder ".", "/vagrant", disabled: true

  # Set default communicator
  config.vm.communicator = 'winrm'
  config.winrm.username = 'Administrator'
  config.winrm.password = :aws # indicates that the password should be fetched and decrypted from AWS

  # private_key_path needed to decrypt the password
  config.ssh.private_key_path = '~/mykeypair.pem'

  config.vm.provider :aws do |aws, override|
    # Security group that allows WinRM port inbound (port 5985)
    aws.security_groups = ['some_security_group_that_allows_winrm_inbound']

    aws.access_key_id = ENV['AWS_ACCESS_KEY']
    aws.secret_access_key = ENV['AWS_SECRET_KEY']
    aws.region = 'us-west-2'

    # keypair name corresponding to private_key_path
    aws.keypair_name = "mykeypair"

    # Microsoft Windows Server 2012 Base in us-west-2
    aws.ami = "ami-990acff9"

    # Enable WinRM on the instance
    aws.user_data = <<-USERDATA
      <powershell>
        Enable-PSRemoting -Force
        netsh advfirewall firewall add rule name="WinRM HTTP" dir=in localport=5985 protocol=TCP action=allow
      </powershell>
    USERDATA
  end
end
```

After everything is said and done, not only will Vagrant use the EC2-generated administrator password to verify the machine is up using winrm, but you can also issue a vagrant powershell to remote shell into the machine...again, not having to know the administrator password that EC2 generated.