cookbook 'winrm-config', '= 0.2.5'
winrm-config (10) Versions 0.2.5 Follow8
Configures winrm service and client
cookbook 'winrm-config', '= 0.2.5', :supermarket
knife supermarket install winrm-config
knife supermarket download winrm-config
WinRM-config Cookbook
Configure WinRM service and client.
Requirements
This cookbook requires Chef 12.1+ and the windows cookbook v2.10.
Platforms
This cookbook only supports the following platforms:
- Windows Server 2008 (R1, R2)
- Windows Server 2012 (R1, R2)
Usage
Place an explicit dependency on this cookbook (using depends in the cookbook's metadata.rb)
from any cookbook where you would like to use the winrm-config-specific resources/providers
that ship with this cookbook.
depends 'winrm-config'
Then include the recipes you want, or use one the LWRP provided.
The default recipe, should setup a working WinRM environment.
Providers & Resources
listener
Actions
Action | Description |
---|---|
configure | Create or update the specified WinRM listener |
delete | Delete the specified WinRM listener if it exists |
Attributes
Attribute | Description | Type | Default |
---|---|---|---|
name | Name of the resource | String | |
address | Address on which the service is configured to listen | String | * |
certificate_thumbprint | Thumbprint of the certificate to use with HTTPS transport | String | `` |
enabled | Whether the current listener should be enabled or not | TrueClass, FalseClass | true |
hostname | Hostname of the server where the listener is configured | String | `` |
port | Port on which the service is configured to listen | Fixnum | 5985 |
transport | Transport used over the with WS-Management protocol | Symbol<br/>:HTTP,:HTTPS | :HTTP |
url_prefix | URL prefix on which to accept HTTP or HTTPS requests | String | wsman |
service_certmapping
This provider allows to configure or delete a WinRM user <-> certificate mapping.
NOTE: The user password cannot contain a double quote "
, due to the usage of winrm.vbs
(see #8)
Actions
Action | Description |
---|---|
configure | Create or update the specified WinRM certificate mapping |
delete | Delete the specified WinRM certificate mapping if it exists |
Attributes
Attribute | Description | Type | Default |
---|---|---|---|
name | Name of the resource | String | |
enabled | Whether the current certificate mapping is enabled or not | TrueClass, FalseClass | true |
issuer | Thumbprint of the issuer of theclient certificate | String | |
password | Password of the local user for processing the request | String | |
subject | Subject field of the client certificate | String | * |
uri | The URI or URI prefix for which this mapping applies | String | * |
username | Local username for processing the request | String |
Recipes
winrm-config::client
Configures all WinRM client settings via registry keys, then performs a restart of the WinRM windows service.
Attributes
WinRM client settings are configurable via node['winrm_config']['client']
attributes, which follows the msdn documentation.
Attribute | Description | Type | Default |
---|---|---|---|
AllowUnencrypted | Allow unencrypted communication with WinRM service | TrueClass, FalseClass | false |
Basic | Allow the client to use Basic authentication
|
TrueClass, FalseClass | true |
Certificate | Allow the client tu use certificate authentication
|
TrueClass, FalseClass | true |
CredSSP | Allow the client tu use CredSSP authentication
|
TrueClass, FalseClass | false |
Digest | Allow the client to use Digest authentication
|
TrueClass, FalseClass | true |
Kerberos | Allow the client to use Kerberos authentication
|
TrueClass, FalseClass | true |
Negotiate | Allow the client to use Negotiate authentication
|
TrueClass, FalseClass | true |
NetworkDelayms | Time in milliseconds to accomodate to the network delay | String | 5000 |
TrustedHosts | List of trusted remote computer | String | `` |
URLPrefix | URL prefix on which to accept HTTP or HTTPS requests | String | wsman |
Default ports used for either HTTP or HTTPs can be configured via node['winrm_config']['client']['DefaultPorts']
Attribute | Description | Type | Default |
---|---|---|---|
HTTP | The ports used by the client for HTTP | Fixnum | 5985 |
HTTPS | The ports used by the client for HTTPS | Fixnum | 5986 |
winrm-config::default
A convenience recipe that include the following recipes to enable a default WinRM working service:
winrm-config::windows_service
winrm-config::protocol
winrm-config::client
winrm-config::listeners
winrm-config::service
winrm-config::winrs
winrm-config::listeners
A convenience recipe to defines WinRM listeners via registry keys, then
performs a restart of the WinRM windows service.
Attributes
You can define multiples listener via the node['winrm_config']['listeners']
hash, following the msdn documentation for each entry.
Attribute | Description | Type | Default |
---|---|---|---|
Address | Address on which the service is configured to listen | String | * |
CertificateThumbprint | Thumbprint of the certificate to use with HTTPS transport | String | `` |
Enabled | Whether the current listener should be enabled or not | TrueClass, FalseClass | true |
Hostname | Hostname of the server where the listener is configured | String | `` |
Port | Port on which the service is configured to listen | Fixnum | 5985 |
Transport | Transport used over the with WS-Management protocol | Symbol<br/>:HTTP,:HTTPS | :HTTP |
URLPrefix | URL prefix on which to accept HTTP or HTTPS requests | String | wsman |
winrm-config::protocol
Configures WinRM protocol settings via registry key, then preforms a restart
of the WinRM windows service.
Attributes
WinRM protocol settings attributes are accessible via node['winrm_config']['protocol']
,
following the msdn documentation.
Attribute | Description | Type | Default |
---|---|---|---|
MaxEnvelopeSizekb | The maximum SOAP data in kilobytes | Fixnum | 150 |
MaxTimeoutms | The maximum request time-out in milliseconds | Fixnum | 60 000 |
MaxBatchItems | The maximum number of elements composing a Pull response | Fixnum | 32 000 |
winrm-config::service
Configures all WinRM service settings via registry keys, then performs a
restart of the WinRM windows service.
Attributes
WinRM service settings are configurable via node['winrm_config']['service']
attributes, which follows the msdn documentation.
Attribute | Description | Type | Default |
---|---|---|---|
AllowUnencrypted | Allow unencrypted communication with clients | TrueClass, FalseClass | false |
Basic | Allow the service to use Basic authentication
|
TrueClass, FalseClass | true |
Certificate | Allow the service tu use certificate authentication
|
TrueClass, FalseClass | true |
CredSSP | Allow the service tu use CredSSP authentication
|
TrueClass, FalseClass | false |
Kerberos | Allow the service to use Kerberos authentication
|
TrueClass, FalseClass | true |
Negotiate | Allow the service to use Negotiate authentication
|
TrueClass, FalseClass | true |
CbtHardeningLevel | Policy for channel-binding token requirements in authentication requests | String | Relaxed |
EnableCompatibilityHttpListener | Whether to enable additional compatibility HTTP listener on port 80 | TrueClass, FalseClass | false |
EnableCompatibilityHttpsListener | Whether to enable additional compatibility HTTPS listener on port 443 | TrueClass, FalseClass | false |
EnumerationTimeoutms | Maximum time in milliseconds to accomodate to the network delay | String | 5000 |
IPv4Filter | Filter IPV4 addresses that listeners can use | String | `` |
IPv6Filter | Filter IPV6 addresses that listeners can use | String | `` |
MaxConcurrentOperationsPerUser | Maximum number of concurrent operations per user | String | 5000 |
MaxConnections | Maximum number of active requests to process simultaneously | String | 5000 |
MaxPacketRetrievalTimeSeconds | Maximum time in seconds to retrieve a packet | String | 5000 |
RootSDDL | The security descriptor that controls remote access to the listener | String | O:NSG:BAD:P(A;;GA;;;BA)(A;;GR;;;ER)S:P(AU;FA;GA;;;WD)(AU;SA;GWGX;;;WD) |
winrm-config::windows_service
A simple recipe to enable and start the WinRM Windows service.
winrm-config::winrs
Configures the WinRS settings via registry keys, then performs a restart of
the WinRM windows service.
Attributes
WinRS settings are configurable via node['winrm_config']['winrs']
Attribute | Description | Type | Default |
---|---|---|---|
AllowRemoteShellAccess | Allows access to remote shells | TrueClass, FalseClass | true |
IdleTimeout | Maximum time in milliseconds to keep an idle shell open | Fixnum | 180 000 |
MaxConcurrentUsers | Maximum number of users who can concurrently open a shell | Fixnum | 5 |
MaxMemoryPerShellMB | Maximum amount of memory in megabytes allocated per shell | Fixnum | 150 |
MaxProcessesPerShell | Maximum number of processes that a shell can start | Fixnum | 15 |
MaxShellsPerUser | maximum number of shell a user can open | Fixnum | 5 |
Contributing
- Fork the repository on Github
- Create a named feature branch (like
add_component_x
) - Write your change
- Write tests for your change (if applicable)
- Run the tests, ensuring they all pass
- Submit a Pull Request using Github
License and Authors
Authors: Baptiste Courtois (b.courtois@criteo.com)
Copyright 2015, Criteo. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
WinRM-config CHANGELOG
This file is used to list changes made in each version of the winrm-config cookbook.
0.2.5 (2018-10-24)
- Make default recipe compatible with Chef 13+ (Thanks Jugatsu)
0.2.4 (2016-11-22)
- Unlock constraint on windows cookbook
0.2.3 (2015-11-20)
- Leverage windows LWRPs for sslcert and urlacl
0.2.2 (2014-04-01)
- Handle properly winrm http urlacl and sslcert via winrm_config_listener
0.2.1 (2014-03-20)
- Allow everyone to access certmapping password hash
0.2.0 (2014-03-16)
- Fix winrm-config::service convergence issue
- Fix winrm_config_listener converge issue
- Fix type in winrm_config_listener
- Properly implement winrm_config_service_certmapping
- Support why_run in both service_certmapping and listener LWRP
- Improve tests for winrm_config_listener & winrm_config_service_certmapping LWRPs
0.1.0 (2014-03-10)
- Initial release of winrm-config
- Provide LWRP to configure
- winrm listeners
- winrm service certmapping
- Provide recipe to enable winrm windows service
- Provide recipes to configure
- winrm service
- winrm client
- winrm protocol
- winrm listeners
- winrs
- Provide Chefspec tests and proper documentation
Collaborator Number Metric
0.2.5 passed this metric
Contributing File Metric
0.2.5 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a CONTRIBUTING.md file
Foodcritic Metric
0.2.5 passed this metric
No Binaries Metric
0.2.5 passed this metric
Testing File Metric
0.2.5 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a TESTING.md file
Version Tag Metric
0.2.5 passed this metric
0.2.5 passed this metric
0.2.5 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a CONTRIBUTING.md file
Foodcritic Metric
0.2.5 passed this metric
No Binaries Metric
0.2.5 passed this metric
Testing File Metric
0.2.5 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a TESTING.md file
Version Tag Metric
0.2.5 passed this metric
0.2.5 passed this metric
0.2.5 passed this metric
Testing File Metric
0.2.5 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a TESTING.md file
Version Tag Metric
0.2.5 passed this metric
0.2.5 failed this metric
0.2.5 passed this metric