search

saltstack / salt

Software to automate the management and configuration of any infrastructure or application at scale. Get access to the Salt software package repository here:
https://repo.saltproject.io/
Apache License 2.0
14.01k stars 5.47k forks source link

Saltstack feature request for winrm #11260

Closed aboe76 closed 6 years ago

aboe76 commented 10 years ago

Saltstack salt-master could gain winrm support with these libraries:

WinRM allows you to call native objects in Windows. This includes, but is not limited to, running batch scripts, powershell scripts and fetching WMI variables. For more information on WinRM, please visit http://msdn.microsoft.com/en-us/library/aa384426.aspx

This would give saltstack a better method of talking to windows minions. and it would gain a lot of cool stuff windows is building with winrm and powershell Like remote execution.

This needs to be investigated further in what is the most usefull library to use for salt.

techhat commented 10 years ago

@aboe76, I would love to get winrm support into Salt! Do you have working experience with it? I was looking at putting together a proxy minion module.

aboe76 commented 10 years ago

No but was thinking about it after a powershell course

slai commented 10 years ago

If we go down this road, Windows Server 2012 also has PowerShell Desired State Configuration (DSC). Effectively, it is Salt/Puppet/Chef for Windows. You can define states in PowerShell and it'll enforce them.

http://blogs.technet.com/b/privatecloud/archive/2013/08/30/introducing-powershell-desired-state-configuration-dsc.aspx

When it was announced, Microsoft worked with Chef to demo Chef configuring a Windows Server 2012 instance. They still haven't released a production ready version of that integration though (as far as Google can tell me) so I don't quite know how it worked, but I believe they converted the Chef 'states' into MOF (the intermediary format used to describe states) before sending them over WinRM and getting DSC on the server to enforce it.

As for WinRM, there's a benefit in that it works in any standard Windows domain environment, but it introduces a different communication transport that only works for Windows. It is also a bit fiddly for non-domain machines, because they won't have WinRM configured. I think WinRM would be most useful in Salt as a mechanism for deploying Salt, but not necessarily as a new transport.

devx commented 10 years ago

I think powershell would have a lot more flexibility specially for servers not in a domain (as slai mention). Additionally I think PowerShell Remoting would be a good alternative to winrm, and it's secure.

http://digital-forensics.sans.org/blog/2013/09/03/the-power-of-powershell-remoting

damon-atkins commented 9 years ago

+1 for DSC support. Yes both Chef (unreleased) and Puppet (some nice person, release) have it.

alxbse commented 9 years ago

@techhat Maybe the basic winrm code in salt/utils/cloud.py should be moved to a dedicated salt/utils/winrm.py so it can be used more generally?

lorengordon commented 8 years ago

+1 for a winrm execution module.

stale[bot] commented 6 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

If this issue is closed prematurely, please leave a comment and we will gladly reopen the issue.