diff --git a/windows/knife_winrm.md b/windows/knife_winrm.md new file mode 100644 index 0000000..3fd8df7 --- /dev/null +++ b/windows/knife_winrm.md @@ -0,0 +1,94 @@ +# Starting Scheduled Tasks over knife winrm + +knife winrm requires quite a few parms to work with ec2 instances, particularly if you use ec2 with ssl. + +``` +knife winrm \ + --ssl-peer-fingerprint 00C2E3167A93E9D7259D576B3E175FF450688E71 \ + --winrm-transport ssl \ + --winrm-port 5986 \ + --winrm-password XXXX \ + -m 10.113.68.20 +``` + +That's a lot to copy/write down, so I use a wrapper script to set the variables I need: + +### creds + +```bash +#!/usr/bin/env bash +export NODE_NAME="$*" +INSTANCE_ID=$(aws ec2 describe-instances --filters "Name=tag:Name,Values=$NODE_NAME" "Name=instance-state-name,Values=running" | jq .Reservations[0].Instances[0].InstanceId | sed -e 's/\"//g') +FINGERPRINT=$(aws ec2 get-console-output --instance-id $INSTANCE_ID | jq -r '.Output' | grep RDPCERTIFICATE-THUMBPRINT | tail -1 | awk '{print $4}') +export FINGERPRINT=${FINGERPRINT//[$'\t\r\n ']} # get rid of newlines etc +export IP=$(aws ec2 describe-instances --instance-ids $INSTANCE_ID | grep PrivateIpAddress |tail -1 | awk -F '"' '{print $4}') +CUSTOMER=chef +ACCOUNT=default +export PASSWORD=$(aws ec2 get-password-data --instance-id $INSTANCE_ID --priv-launch-key $HOME/.chef/keys/${CUSTOMER}_${ACCOUNT} | grep PasswordData | awk -F '"' '{print $4}') + +echo export NODE_NAME="$NODE_NAME" +echo export PASSWORD=\"$PASSWORD\" +echo export IP="$IP" +echo export INSTANCE_ID="$INSTANCE_ID" +echo export FINGERPRINT="$FINGERPRINT" +``` + +I then use these creds inside a ```winrm``` script: + +### winrm + +```bash +#!/usr/bin/env bash +if [ "$NODE_NAME" != "$1" ] +then + NODE_NAME=$1 + CREDS="$( dirname "${BASH_SOURCE[0]}" )/creds" + echo Retrieving instance id and ip address and password for $NODE_NAME + echo Cache by running \'eval \$\("$CREDS $NODE_NAME"\)\' before hand + eval $($CREDS $NODE_NAME) +else + echo Using cached instance id and ip address and password for $NODE_NAME +fi +shift +ARGS="$*" +knife winrm --ssl-peer-fingerprint "$FINGERPRINT" --winrm-transport ssl --winrm-port 5986 --winrm-password "$PASSWORD" -m $IP "$*" | sed -e "s:$IP ::" +``` + +There is also an rdp script, to enter those pesky passwords automatically on secure instances you can't copy past to: + +### rdp + +```bash +#!/usr/bin/env bash +if [ "$NODE_NAME" != "$1" ] +then + NODE_NAME=$* + echo Retrieving instance id and ip address and password for $NODE_NAME + CREDS="$( dirname "${BASH_SOURCE[0]}" )/creds" + eval $($CREDS $NODE_NAME) +else + echo Using cached instance id and ip address and password for $NODE_NAME +fi + +killall rdesktop +#rdesktop -g 1100x740 -u Administrator -p "${PASSWORD}" -r sound:local -r disk:prov=`pwd` $IP & +#rdesktop -g 1100x1240 -u Administrator -p "${PASSWORD}" -r sound:local -r disk:prov=`pwd` $IP & +rdesktop -g 1200x1800 -u Administrator -p "${PASSWORD}" -r sound:local -r disk:prov=`pwd` $IP & +# would be nice to poll the above output for 'connected' +echo "Wait for a connection" +sleep 24.0 +echo "Focus on RDP Client" +xdotool search -name rdesktop windowactivate +echo "Get rid of security notice" +xdotool key Return +echo "Wait for password field" +sleep 5.25 +echo "Move to password field" +xdotool key Tab +sleep 3.25 +echo "Type password" +xdotool type "$PASSWORD" +sleep 3.25 +echo "Login!" +xdotool key Return +```