$SubjectName variable unused; clean up
Having used this script several times today, I came to notice the $SubjectName variable, being passed in via the CLI, is essentially ignored when generating the SSL certificates, rendering it useless. I believe it's a good idea to have it in place, so I've updated the script to reflect this. I also cleaned up some random new lines throughout the file, and expanded on a comment. It might be worth going a step further and commenting the file fully, as most people reviewing this file won't be familiar with PowerShell (like I wasn't until a few days ago). It could be helpful.
parent
badc922c73
commit
e9fe5f201f
1 changed files with 14 additions and 16 deletions
|
@ -1,4 +1,4 @@
|
|||
# Configure a Windows host for remote management with Ansible
|
||||
# Configure a Windows host for remote management with Ansible
|
||||
# -----------------------------------------------------------
|
||||
#
|
||||
# This script checks the current WinRM/PSRemoting configuration and makes the
|
||||
|
@ -10,9 +10,11 @@
|
|||
#
|
||||
# Written by Trond Hindenes <trond@hindenes.com>
|
||||
# Updated by Chris Church <cchurch@ansible.com>
|
||||
# Updated by Michael Crilly <mike@autologic.cm>
|
||||
#
|
||||
# Version 1.0 - July 6th, 2014
|
||||
# Version 1.1 - November 11th, 2014
|
||||
# Version 1.2 - May 15th, 2015
|
||||
|
||||
Param (
|
||||
[string]$SubjectName = $env:COMPUTERNAME,
|
||||
|
@ -20,7 +22,6 @@ Param (
|
|||
$CreateSelfSignedCert = $true
|
||||
)
|
||||
|
||||
|
||||
Function New-LegacySelfSignedCert
|
||||
{
|
||||
Param (
|
||||
|
@ -60,11 +61,12 @@ Function New-LegacySelfSignedCert
|
|||
$certdata = $enrollment.CreateRequest(0)
|
||||
$enrollment.InstallResponse(2, $certdata, 0, "")
|
||||
|
||||
# Return the thumbprint of the last installed cert.
|
||||
# Return the thumbprint of the last installed certificate;
|
||||
# This is needed for the new HTTPS WinRM listerner we're
|
||||
# going to create further down.
|
||||
Get-ChildItem "Cert:\LocalMachine\my"| Sort-Object NotBefore -Descending | Select -First 1 | Select -Expand Thumbprint
|
||||
}
|
||||
|
||||
|
||||
# Setup error handling.
|
||||
Trap
|
||||
{
|
||||
|
@ -73,14 +75,12 @@ Trap
|
|||
}
|
||||
$ErrorActionPreference = "Stop"
|
||||
|
||||
|
||||
# Detect PowerShell version.
|
||||
If ($PSVersionTable.PSVersion.Major -lt 3)
|
||||
{
|
||||
Throw "PowerShell version 3 or higher is required."
|
||||
}
|
||||
|
||||
|
||||
# Find and start the WinRM service.
|
||||
Write-Verbose "Verifying WinRM service."
|
||||
If (!(Get-Service "WinRM"))
|
||||
|
@ -93,7 +93,6 @@ ElseIf ((Get-Service "WinRM").Status -ne "Running")
|
|||
Start-Service -Name "WinRM" -ErrorAction Stop
|
||||
}
|
||||
|
||||
|
||||
# WinRM should be running; check that we have a PS session config.
|
||||
If (!(Get-PSSessionConfiguration -Verbose:$false) -or (!(Get-ChildItem WSMan:\localhost\Listener)))
|
||||
{
|
||||
|
@ -112,17 +111,19 @@ If (!($listeners | Where {$_.Keys -like "TRANSPORT=HTTPS"}))
|
|||
# HTTPS-based endpoint does not exist.
|
||||
If (Get-Command "New-SelfSignedCertificate" -ErrorAction SilentlyContinue)
|
||||
{
|
||||
$cert = New-SelfSignedCertificate -DnsName $env:COMPUTERNAME -CertStoreLocation "Cert:\LocalMachine\My"
|
||||
$cert = New-SelfSignedCertificate -DnsName $SubjectName -CertStoreLocation "Cert:\LocalMachine\My"
|
||||
$thumbprint = $cert.Thumbprint
|
||||
Write-Host "Self-signed SSL certificate generated; thumbprint: $thumbprint"
|
||||
}
|
||||
Else
|
||||
{
|
||||
$thumbprint = New-LegacySelfSignedCert -SubjectName $env:COMPUTERNAME
|
||||
$thumbprint = New-LegacySelfSignedCert -SubjectName $SubjectName
|
||||
Write-Host "(Legacy) Self-signed SSL certificate generated; thumbprint: $thumbprint"
|
||||
}
|
||||
|
||||
# Create the hashtables of settings to be used.
|
||||
$valueset = @{}
|
||||
$valueset.Add('Hostname', $env:COMPUTERNAME)
|
||||
$valueset.Add('Hostname', $SubjectName)
|
||||
$valueset.Add('CertificateThumbprint', $thumbprint)
|
||||
|
||||
$selectorset = @{}
|
||||
|
@ -137,7 +138,6 @@ Else
|
|||
Write-Verbose "SSL listener is already active."
|
||||
}
|
||||
|
||||
|
||||
# Check for basic authentication.
|
||||
$basicAuthSetting = Get-ChildItem WSMan:\localhost\Service\Auth | Where {$_.Name -eq "Basic"}
|
||||
If (($basicAuthSetting.Value) -eq $false)
|
||||
|
@ -150,7 +150,6 @@ Else
|
|||
Write-Verbose "Basic auth is already enabled."
|
||||
}
|
||||
|
||||
|
||||
# Configure firewall to allow WinRM HTTPS connections.
|
||||
$fwtest1 = netsh advfirewall firewall show rule name="Allow WinRM HTTPS"
|
||||
$fwtest2 = netsh advfirewall firewall show rule name="Allow WinRM HTTPS" profile=any
|
||||
|
@ -177,19 +176,18 @@ $httpsResult = New-PSSession -UseSSL -ComputerName "localhost" -SessionOption $h
|
|||
|
||||
If ($httpResult -and $httpsResult)
|
||||
{
|
||||
Write-Verbose "HTTP and HTTPS sessions are enabled."
|
||||
Write-Verbose "HTTP: Enabled | HTTPS: Enabled"
|
||||
}
|
||||
ElseIf ($httpsResult -and !$httpResult)
|
||||
{
|
||||
Write-Verbose "HTTP sessions are disabled, HTTPS session are enabled."
|
||||
Write-Verbose "HTTP: Disabled | HTTPS: Enabled"
|
||||
}
|
||||
ElseIf ($httpResult -and !$httpsResult)
|
||||
{
|
||||
Write-Verbose "HTTPS sessions are disabled, HTTP session are enabled."
|
||||
Write-Verbose "HTTP: Enabled | HTTPS: Disabled"
|
||||
}
|
||||
Else
|
||||
{
|
||||
Throw "Unable to establish an HTTP or HTTPS remoting session."
|
||||
}
|
||||
|
||||
Write-Verbose "PS Remoting has been successfully configured for Ansible."
|
||||
|
|
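Review bot: In New-LegacySelfSignedCert, the expanded comment says the function returns the thumbprint of the last installed certificate, but the pipeline below it picks whichever certificate in `Cert:\LocalMachine\my` has the latest `NotBefore`, which is not necessarily the one just created. If another certificate in that store carries a later start date, its thumbprint would be returned and then paired with `$SubjectName` as the HTTPS listener's `Hostname` further down, so the listener could end up bound to an unrelated certificate. Consider narrowing the selection to the new certificate first, for example by adding `Where-Object { $_.Subject -eq "CN=$SubjectName" }` before `Sort-Object` (assuming the request sets the subject that way; the part of the function that builds the request lies outside the visible hunk). The new comment also misspells "listener" as "listerner".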