Support using the EC2 GetPasswordData API as a means of getting the WinRM password #423

rafd123 · 2015-11-09T20:25:41Z

Today, when provisioning a Windows AMI, the WinRM username/password needs to be hard coded and well known prior to performing a vagrant up.

It'd be nice if there was a way to have the vagrant-aws plugin dynamically fetch the EC2-generated administrator password (via GetPasswordData) to be used to authenticate to Windows AMIs via WinRM.

It seems like with this functionality, Windows AMIs would have some parity with Linux AMIs with respect to shell authentication.

shaned24 · 2015-11-11T17:06:37Z

Here is my attempt, I'm having trouble with WinRM timing out and not being able to establish a connection with the booted instance on EC2

I have created a security group called 'vagrant' which opens WinRM ports

# -*- mode: ruby -*-
# vi: set ft=ruby :
Vagrant.configure("2") do |config|
  # Enable dotEnv
  config.env.enable

  # Set default communicator
  config.vm.communicator = 'winrm'

  config.winrm.username = 'Administrator'

  config.vm.provider :aws do |aws, override|

        aws.security_groups = ['vagrant']
        aws.access_key_id = ENV['AWS_ACCESS_KEY']
        aws.secret_access_key = ENV['AWS_SECRET_KEY']
        aws.keypair_name = "vagrant-ec2"

        # windows server 2012 with SQL Server Web
        aws.ami = "ami-41fca024"
        aws.instance_type = "m3.medium"

        aws.tags = {
            "Name" => "EC2 Windows 2012 R2 Instance",
        }

        override.vm.box = "dummy"
        override.vm.box_url = "https://github.com/mitchellh/vagrant-aws/raw/master/dummy.box"

        # Figured this was an easy way of getting the instance ID
        instance_id = File.open(".vagrant/machines/default/aws/id", "r").first

        override.winrm.username = 'Administrator'

        # using the ec2 cli i can get the password for the instance 
        override.winrm.password = exec "ec2-get-password -k ./vagrant-ec2.pem #{instance_id}"

    end
end

rafd123 · 2015-11-11T17:20:04Z

@shaned24 Cool!

I'd love this functionality to be built into the vagrant-aws plugin.

Towards this end, here's my attempt at augmenting the vagrant-aws plugin with another plugin (I wrote it yesterday and published it this morning): https://github.com/rafd123/vagrant-aws-winrm

I'd love any feedback (particularly since I'm new to Ruby, let alone vagrant plugin development).

If this holds water, the next action would be to submit a vagrant-aws pull request with the same functionality.

…eans of getting the WinRM password Adds a winrm_info provider capability. If the winrm.password is set to :aws, go fetch the AWS password data for the machine, decrypt the user-specified private key, and set it as the winrm.password

…M password Adds a winrm_info provider capability to support using the EC2 GetPasswordData API as a means of getting the WinRM password. If the winrm.password is set to :aws, go fetch the AWS password data for the machine, decrypt the user-specified private key, and set it as the winrm.password

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Support using the EC2 GetPasswordData API as a means of getting the WinRM password #423

Support using the EC2 GetPasswordData API as a means of getting the WinRM password #423

rafd123 commented Nov 9, 2015

shaned24 commented Nov 11, 2015

rafd123 commented Nov 11, 2015

Support using the EC2 GetPasswordData API as a means of getting the WinRM password #423

Support using the EC2 GetPasswordData API as a means of getting the WinRM password #423

Comments

rafd123 commented Nov 9, 2015

shaned24 commented Nov 11, 2015

rafd123 commented Nov 11, 2015