
$SubjectName variable unused; clean up

Having used this script several times today, I came to notice the $SubjectName variable, being passed in via the CLI, is essentially ignored when generating the SSL certificates, rendering it useless. I believe it's a good idea to have it in place, so I've updated the script to reflect this.

I also cleaned up some random new lines throughout the file, and expanded on a comment.

It might be worth going a step further and commenting the file fully, as most people reviewing this file won't be familiar with PowerShell (like I wasn't until a few days ago). It could be helpful.
This commit is contained in:
Michael Crilly 2015-05-13 15:35:08 +10:00 committed by nitzmahone
parent badc922c73
commit e9fe5f201f


@ -1,4 +1,4 @@
# Configure a Windows host for remote management with Ansible # Configure a Windows host for remote management with Ansible
# ----------------------------------------------------------- # -----------------------------------------------------------
# #
# This script checks the current WinRM/PSRemoting configuration and makes the # This script checks the current WinRM/PSRemoting configuration and makes the
@ -10,9 +10,11 @@
# #
# Written by Trond Hindenes <trond@hindenes.com> # Written by Trond Hindenes <trond@hindenes.com>
# Updated by Chris Church <cchurch@ansible.com> # Updated by Chris Church <cchurch@ansible.com>
# Updated by Michael Crilly <mike@autologic.cm>
# #
# Version 1.0 - July 6th, 2014 # Version 1.0 - July 6th, 2014
# Version 1.1 - November 11th, 2014 # Version 1.1 - November 11th, 2014
# Version 1.2 - May 15th, 2015
Param ( Param (
[string]$SubjectName = $env:COMPUTERNAME, [string]$SubjectName = $env:COMPUTERNAME,
@ -20,7 +22,6 @@ Param (
$CreateSelfSignedCert = $true $CreateSelfSignedCert = $true
) )
Function New-LegacySelfSignedCert Function New-LegacySelfSignedCert
{ {
Param ( Param (
@ -60,11 +61,12 @@ Function New-LegacySelfSignedCert
$certdata = $enrollment.CreateRequest(0) $certdata = $enrollment.CreateRequest(0)
$enrollment.InstallResponse(2, $certdata, 0, "") $enrollment.InstallResponse(2, $certdata, 0, "")
# Return the thumbprint of the last installed cert. # Return the thumbprint of the last installed certificate;
# This is needed for the new HTTPS WinRM listerner we're
# going to create further down.
Get-ChildItem "Cert:\LocalMachine\my"| Sort-Object NotBefore -Descending | Select -First 1 | Select -Expand Thumbprint Get-ChildItem "Cert:\LocalMachine\my"| Sort-Object NotBefore -Descending | Select -First 1 | Select -Expand Thumbprint
} }
# Setup error handling. # Setup error handling.
Trap Trap
{ {
@ -73,14 +75,12 @@ Trap
} }
$ErrorActionPreference = "Stop" $ErrorActionPreference = "Stop"
# Detect PowerShell version. # Detect PowerShell version.
If ($PSVersionTable.PSVersion.Major -lt 3) If ($PSVersionTable.PSVersion.Major -lt 3)
{ {
Throw "PowerShell version 3 or higher is required." Throw "PowerShell version 3 or higher is required."
} }
# Find and start the WinRM service. # Find and start the WinRM service.
Write-Verbose "Verifying WinRM service." Write-Verbose "Verifying WinRM service."
If (!(Get-Service "WinRM")) If (!(Get-Service "WinRM"))
@ -93,7 +93,6 @@ ElseIf ((Get-Service "WinRM").Status -ne "Running")
Start-Service -Name "WinRM" -ErrorAction Stop Start-Service -Name "WinRM" -ErrorAction Stop
} }
# WinRM should be running; check that we have a PS session config. # WinRM should be running; check that we have a PS session config.
If (!(Get-PSSessionConfiguration -Verbose:$false) -or (!(Get-ChildItem WSMan:\localhost\Listener))) If (!(Get-PSSessionConfiguration -Verbose:$false) -or (!(Get-ChildItem WSMan:\localhost\Listener)))
{ {
@ -112,17 +111,19 @@ If (!($listeners | Where {$_.Keys -like "TRANSPORT=HTTPS"}))
# HTTPS-based endpoint does not exist. # HTTPS-based endpoint does not exist.
If (Get-Command "New-SelfSignedCertificate" -ErrorAction SilentlyContinue) If (Get-Command "New-SelfSignedCertificate" -ErrorAction SilentlyContinue)
{ {
$cert = New-SelfSignedCertificate -DnsName $env:COMPUTERNAME -CertStoreLocation "Cert:\LocalMachine\My" $cert = New-SelfSignedCertificate -DnsName $SubjectName -CertStoreLocation "Cert:\LocalMachine\My"
$thumbprint = $cert.Thumbprint $thumbprint = $cert.Thumbprint
Write-Host "Self-signed SSL certificate generated; thumbprint: $thumbprint"
} }
Else Else
{ {
$thumbprint = New-LegacySelfSignedCert -SubjectName $env:COMPUTERNAME $thumbprint = New-LegacySelfSignedCert -SubjectName $SubjectName
Write-Host "(Legacy) Self-signed SSL certificate generated; thumbprint: $thumbprint"
} }
# Create the hashtables of settings to be used. # Create the hashtables of settings to be used.
$valueset = @{} $valueset = @{}
$valueset.Add('Hostname', $env:COMPUTERNAME) $valueset.Add('Hostname', $SubjectName)
$valueset.Add('CertificateThumbprint', $thumbprint) $valueset.Add('CertificateThumbprint', $thumbprint)
$selectorset = @{} $selectorset = @{}
@ -137,7 +138,6 @@ Else
Write-Verbose "SSL listener is already active." Write-Verbose "SSL listener is already active."
} }
# Check for basic authentication. # Check for basic authentication.
$basicAuthSetting = Get-ChildItem WSMan:\localhost\Service\Auth | Where {$_.Name -eq "Basic"} $basicAuthSetting = Get-ChildItem WSMan:\localhost\Service\Auth | Where {$_.Name -eq "Basic"}
If (($basicAuthSetting.Value) -eq $false) If (($basicAuthSetting.Value) -eq $false)
@ -150,7 +150,6 @@ Else
Write-Verbose "Basic auth is already enabled." Write-Verbose "Basic auth is already enabled."
} }
# Configure firewall to allow WinRM HTTPS connections. # Configure firewall to allow WinRM HTTPS connections.
$fwtest1 = netsh advfirewall firewall show rule name="Allow WinRM HTTPS" $fwtest1 = netsh advfirewall firewall show rule name="Allow WinRM HTTPS"
$fwtest2 = netsh advfirewall firewall show rule name="Allow WinRM HTTPS" profile=any $fwtest2 = netsh advfirewall firewall show rule name="Allow WinRM HTTPS" profile=any
@ -177,19 +176,18 @@ $httpsResult = New-PSSession -UseSSL -ComputerName "localhost" -SessionOption $h
If ($httpResult -and $httpsResult) If ($httpResult -and $httpsResult)
{ {
Write-Verbose "HTTP and HTTPS sessions are enabled." Write-Verbose "HTTP: Enabled | HTTPS: Enabled"
} }
ElseIf ($httpsResult -and !$httpResult) ElseIf ($httpsResult -and !$httpResult)
{ {
Write-Verbose "HTTP sessions are disabled, HTTPS session are enabled." Write-Verbose "HTTP: Disabled | HTTPS: Enabled"
} }
ElseIf ($httpResult -and !$httpsResult) ElseIf ($httpResult -and !$httpsResult)
{ {
Write-Verbose "HTTPS sessions are disabled, HTTP session are enabled." Write-Verbose "HTTP: Enabled | HTTPS: Disabled"
} }
Else Else
{ {
Throw "Unable to establish an HTTP or HTTPS remoting session." Throw "Unable to establish an HTTP or HTTPS remoting session."
} }
Write-Verbose "PS Remoting has been successfully configured for Ansible." Write-Verbose "PS Remoting has been successfully configured for Ansible."
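Review bot: The two new `Write-Host` lines in the listener-creation hunk (`Write-Host "Self-signed SSL certificate generated; thumbprint: $thumbprint"` and its `(Legacy)` twin) are the only Write-Host calls in a script that otherwise reports progress through `Write-Verbose`, so they print unconditionally and cannot be silenced or captured with the rest of the output; changing both to `Write-Verbose "Self-signed SSL certificate generated; thumbprint: $thumbprint"` (and the legacy variant likewise) keeps the reporting style consistent. Switching `-DnsName`, `New-LegacySelfSignedCert -SubjectName` and the listener `Hostname` to `$SubjectName` is the fix the commit describes, but the expanded comment in New-LegacySelfSignedCert (`# Return the thumbprint of the last installed certificate; ...`) still describes a lookup that takes the newest entry in `Cert:\LocalMachine\my` by `NotBefore` rather than the certificate just created for `$SubjectName`, so it would be worth adding a sentence there noting that any other certificate installed in the meantime would be returned instead. The enclosing `If (!($listeners | Where ...))` block starts outside the hunk.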