Closed maxlinc closed 9 years ago
I updated with a working example that uses a personality file (bootstrap.cmd) to setup WinRM.
Regarding security:
Warning! Vagrant is using plaintext communication for WinRM. While
this isn't much of a big deal for local development, this is quite
insecure for remote servers. Please configure WinRM to use SSL.
gem 'vagrant'
line) if you want to try it with SSL.rackspace.allow_insecure = true
that controls whether security concerns are warnings or errors.I think the remaining questions are:
My concern with exposing the personality functionality is that it is not very intuitive. I am also afraid that we might see a lot of issues related to exceeding the personality files storage size. I am still leaning towards something like winrm_bootstrap true
.
What are your thoughts?
As far as dropping the legacy rsync code, has vagrant-aws increased their dependency yet? I would like to as stay compatible with the other providers as possible.
I’m unfamiliar with the personalities (in this context…).
On June 17, 2014 at 3:20:03 PM, Kyle Rames (notifications@github.com) wrote:
My concern with exposing the personality functionality is that it is not very intuitive. I am also afraid that we might see a lot of issues related to exceeding the personality files storage size. I am still leaning towards something like winrm_bootstrap true.
What are your thoughts?
As far as dropping the legacy rsync code, has vagrant-aws increased their dependency yet? I would like to as stay compatible with the other providers as possible.
— Reply to this email directly or view it on GitHub.
I'm not sure "compatible with vagrant-aws" and "minimum required vagrant version" are two sides of the same coin.
The current situation seems to be:
So my vote is still:
Re: personalities
Most people shouldn't need to mess with personalities, but I can't create a single winrm_bootstrap script that'll satisfy everyone. I think a more flexible API is needed, either by exposing the data directly, like the current PR, or something like this:
# This is the normal file provisioner. The personality file will be similar.
# This is *usually* preferable, but cannot be used to configure winrm or ssh security, since it happens after Vagrant connects.
config.vm.provision :file, source: 'hello.txt', destination: "/home/vagrant/hello.txt"
# Personality file provisioning - happens before server is created
config.vm.provider :rackspace do |rs|
# This are put on the machine when it's first built, before vagrant connects
rs.personality_file source: '~/.ssh/config', destination: "/home/vagrant/.ssh/config"
# We could also convert line endings unless the file is binary, like the normal shell provisioner
rs.personality_file source: 'my_key.p12', destination: "/home/vagrant/.ssh/my_key.p12", :binary => true
end
@maxlinc do you see opening up the personality functionality as generating more support tickets with people trying to use it to upload larger than allowable files?
@elight Here is the personality documentation. You can see that file names and file sizes are limited.
@krames If it blows up with an ugly error, than perhaps. If we raise a clear error message, than probably not.
The rules about file size and maximum # of files are easy to validate (they are available via the limits API) or rescue and display clear error messages.
These things are harder, because the rules aren't available via a limits API and they may be ignored rather than raising an error on server creation:
It might be worth checking the configuration against those rules. I don't like the idea of hardcoding the checks, but I also don't think these rules are as likely to change as the size limits.
We've got real support now, not just experimental support!
There are some things in this PR I think probably shouldn't be merged, at least without changes, but I thought the diff would be useful for discussion.
Vagrant 1.6 has been released, and includes better support for Windows Guests. I have a working spike of vagrant-rackspace with Windows, which creates a server from a base windows image and uses simple winrm (combined with chocolatey) to install ruby + ruby devkit, git, clone fog, and run fog's unit tests.
The minimal set of changes I think are required to get WinRM working are:
bootstrap.cmd
script to configure WinRM. I did this by letting vagrant set the personality options for the server. (Note that I also had to convert *nix to Windows line-endings)@krames, @elight - can you review those three items?
Known limitations - server-side (i.e. needs a solution that's specific to Rackspace server provisioning):
Known limitations - client-side (i.e. might be resolved by generic vagrant core changes):
Despite these limitations, the support is still useful for some workflows. I think the main thing, though, is just making sure vagrant-rackspace is out of the way so users can take advantage of Windows Guest support as it improves in vagrant core.