This is a Rundeck Node Execution/ File Copier plugin that uses WinRM to connect to Windows and execute commands and scripts. It uses the python WinRM Library to provide the WinRM implementation.
Download from the releases page and copy the py-winrm-plugin-X.X.X.zip to the libext/ directory for Rundeck.
It can be installed with the following command: pip install pywinrm
For further information see: Python Winrm Requirements
winrm-authtype
username
)winrm-password-storage-path
.
Also the password can be overwritten on the job level using an input secure option called winrmpassword
winrm-nossl
winrm-transport
winrm-port
winrm-shell
winrm-readtimeout
winrm-operationtimeout
winrm-retry-connection
winrm-retry-connection-delay
For Kerberos
kinit
command used for create ticket (default: kinit)<node name="Hostname"
description="Windows Server"
tags="windows"
hostname="192.168.0.1"
osArch="amd64"
osFamily="windows"
osName="Windows Server 2012 R2"
osVersion="6.3"
username="rundeckuser@domain.local"
winrm-password-storage-path="keys/node/windows.password"
winrm-authtype="basic"/>
The username can be overwritten using a job input option called "username"` or it can be set at project level.
The transport methods supported are:
Further information here
To use CredSSP authentication you need these optional dependencies
pip install pywinrm[credssp]
The pywinrm library has support for kerberos authentication, but it cannot create the kerberos ticket, which needs to be initiate outside the pywinrm scope:
kerberos: Will use Kerberos authentication for domain accounts which only works when the client is in the same domain as the server and the required dependencies are installed. Currently a Kerberos ticket needs to be initialized outside of pywinrm using the kinit command.
Source here
So, in order to connect to a windows box using kerberos we added a call to the kinit username
command before connecting to the node.
In resume, to use Kerberos authentication the following requirements are needed:
pexpect
librarykerberos
library $ sudo apt-get install python-dev libkrb5-dev
$ pip install wheel
$ pip install pywinrm[kerberos]
$ pip install requests-kerberos
$ pip install pexpect
$ sudo yum install python-devel krb5-devel krb5-workstation gcc
$ pip install wheel
$ pip install pywinrm[kerberos]
$ pip install requests-kerberos
$ pip install pexpect
Don't use the file copier to transfer big files, the performance is not the best to transfer large files. It works OK passing inline scripts to remote windows nodes
This plugin include a connectivity test script that can be used as a Workflow Step or it could be called it directly, for example:
python contents/winrm-check.py --username <username> --hostname <windows-server> --password <password>
From version 2.0.8, we added a config option to control the way a script finishes (about success/failure status)
The option called Script Exit Behaviour
defines the behavior of scripts step status.
console: This is the default behavior and the way previous versions work. The script will fail if there are any logs in the error console (stderr). In some cases, a script can return a warning which will produce that the step fails.
exitcode: This is the new approach. The script step will fail if the exit code is set manually. So if you need to control errors, you will need to find the way to capture the exit code of your commands inside the script, for example:
Option 1: check the last exit code
# some code with error
get-services
if ($lastExitCode -ne "0") { exit 1 }
* Option 2: add a try/catch block
```powershell
try {
# some code with error
get-services
}
catch {
Write-Error $_
exit 1
}
If you get the following error:
module object has no attribute 'SSL_ST_INIT'
Update your version of PyOpenSSL:
python -m easy_install --upgrade pyOpenSSL
If you get the following error after run a PowerShell Script:
Failed: NonZeroResultCode: [WinRM Python] Result code: 1
Configure the Script Invocation Script as:
powershell.exe -ExecutionPolicy Bypass
Or you can make it permanent on the server executing on the Remote Node in powershell:
Set-ExecutionPolicy -ExecutionPolicy Unrestricted
Check these instructions for docker test