ClusterAPI.imageBuilder/ansible/windows/ansible_winrm.ps1

# Copyright 2020 The Kubernetes Authors.

# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at

# http://www.apache.org/licenses/LICENSE-2.0

# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# This file is from packer documentation: 
# https://www.packer.io/docs/provisioners/ansible.html#winrm-communicator
# https://www.packer.io/docs/builders/amazon/ebs#connecting-to-windows-instances-using-winrm

Set-ExecutionPolicy Unrestricted -Scope LocalMachine -Force -ErrorAction Ignore

# Don't set this before Set-ExecutionPolicy as it throws an error
$ErrorActionPreference = "stop"

# Remove HTTP listener
Remove-Item -Path WSMan:\Localhost\listener\listener* -Recurse

# Create a self-signed certificate to let ssl work
$Cert = New-SelfSignedCertificate -CertstoreLocation Cert:\LocalMachine\My -DnsName "packer"
New-Item -Path WSMan:\LocalHost\Listener -Transport HTTPS -Address * -CertificateThumbPrint $Cert.Thumbprint -Force

# WinRM
write-output "Setting up WinRM"
write-host "(host) setting up WinRM"

cmd.exe /c winrm quickconfig -q
cmd.exe /c winrm set "winrm/config" '@{MaxTimeoutms="1800000"}'
cmd.exe /c winrm set "winrm/config/winrs" '@{MaxMemoryPerShellMB="1024"}'
cmd.exe /c winrm set "winrm/config/service" '@{AllowUnencrypted="true"}'
cmd.exe /c winrm set "winrm/config/client" '@{AllowUnencrypted="true"}'
cmd.exe /c winrm set "winrm/config/service/auth" '@{Basic="true"}'
cmd.exe /c winrm set "winrm/config/client/auth" '@{Basic="true"}'
cmd.exe /c winrm set "winrm/config/service/auth" '@{CredSSP="true"}'
cmd.exe /c winrm set "winrm/config/listener?Address=*+Transport=HTTPS" "@{Port=`"5986`";Hostname=`"packer`";CertificateThumbprint=`"$($Cert.Thumbprint)`"}"
cmd.exe /c netsh advfirewall firewall set rule group="remote administration" new enable=yes
cmd.exe /c netsh firewall add portopening TCP 5986 "Port 5986"
cmd.exe /c net stop winrm
cmd.exe /c sc config winrm start= auto
cmd.exe /c net start winrm
Test dependencies 2023-02-22 21:24:42 +01:00			`# Copyright 2020 The Kubernetes Authors.`

			`# Licensed under the Apache License, Version 2.0 (the "License");`
			`# you may not use this file except in compliance with the License.`
			`# You may obtain a copy of the License at`

			`# http://www.apache.org/licenses/LICENSE-2.0`

			`# Unless required by applicable law or agreed to in writing, software`
			`# distributed under the License is distributed on an "AS IS" BASIS,`
			`# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`# See the License for the specific language governing permissions and`
			`# limitations under the License.`

			`# This file is from packer documentation:`
			`# https://www.packer.io/docs/provisioners/ansible.html#winrm-communicator`
			`# https://www.packer.io/docs/builders/amazon/ebs#connecting-to-windows-instances-using-winrm`

			`Set-ExecutionPolicy Unrestricted -Scope LocalMachine -Force -ErrorAction Ignore`

			`# Don't set this before Set-ExecutionPolicy as it throws an error`
			`$ErrorActionPreference = "stop"`

			`# Remove HTTP listener`
			`Remove-Item -Path WSMan:\Localhost\listener\listener* -Recurse`

			`# Create a self-signed certificate to let ssl work`
			`$Cert = New-SelfSignedCertificate -CertstoreLocation Cert:\LocalMachine\My -DnsName "packer"`
			`New-Item -Path WSMan:\LocalHost\Listener -Transport HTTPS -Address * -CertificateThumbPrint $Cert.Thumbprint -Force`

			`# WinRM`
			`write-output "Setting up WinRM"`
			`write-host "(host) setting up WinRM"`

			`cmd.exe /c winrm quickconfig -q`
			`cmd.exe /c winrm set "winrm/config" '@{MaxTimeoutms="1800000"}'`
			`cmd.exe /c winrm set "winrm/config/winrs" '@{MaxMemoryPerShellMB="1024"}'`
			`cmd.exe /c winrm set "winrm/config/service" '@{AllowUnencrypted="true"}'`
			`cmd.exe /c winrm set "winrm/config/client" '@{AllowUnencrypted="true"}'`
			`cmd.exe /c winrm set "winrm/config/service/auth" '@{Basic="true"}'`
			`cmd.exe /c winrm set "winrm/config/client/auth" '@{Basic="true"}'`
			`cmd.exe /c winrm set "winrm/config/service/auth" '@{CredSSP="true"}'`
			cmd.exe /c winrm set "winrm/config/listener?Address=*+Transport=HTTPS" "@{Port=`"5986`";Hostname=`"packer`";CertificateThumbprint=`"$($Cert.Thumbprint)`"}"
			`cmd.exe /c netsh advfirewall firewall set rule group="remote administration" new enable=yes`
			`cmd.exe /c netsh firewall add portopening TCP 5986 "Port 5986"`
			`cmd.exe /c net stop winrm`
			`cmd.exe /c sc config winrm start= auto`
			`cmd.exe /c net start winrm`