bunny-lab/docs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update Docker & Kubernetes/Servers/AWX/AWX Operator/Enable Kerberos WinRM.md

Browse Source
This commit is contained in:
Nicole Rappe
2024-07-31 18:58:11 -06:00
parent 6b859a115a
commit 2cb9735294
1 changed files with 24 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
Docker & Kubernetes/Servers/AWX/AWX Operator/Enable Kerberos WinRM.md
View File

@ -12,11 +12,27 @@ winrm quickconfig -force
$cert = New-SelfSignedCertificate -CertStoreLocation Cert:\LocalMachine\My -DnsName "hyperv-host.local"
$certThumbprint = $cert.Thumbprint
# Delete existing HTTPS listener if it exists
# Function to delete existing HTTPS listener
function Remove-HTTPSListener {
Write-Host "Removing existing HTTPS listener if it exists..."
$existingListener = (winrm enumerate winrm/config/listener | Select-String -Pattern "Transport=HTTPS")
if ($existingListener) {
winrm delete winrm/config/Listener?Address=*+Transport=HTTPS
$listeners = Get-WSManInstance -ResourceURI winrm/config/listener -Enumerate
foreach ($listener in $listeners) {
if ($listener.Transport -eq "HTTPS") {
Write-Host "Deleting listener with Address: $($listener.Address) and Transport: $($listener.Transport)"
Remove-WSManInstance -ResourceURI winrm/config/listener -SelectorSet @{Address=$listener.Address; Transport=$listener.Transport}
}
}
Start-Sleep -Seconds 5 # Wait for a few seconds to ensure deletion
}
# Remove existing HTTPS listener
Remove-HTTPSListener
# Confirm deletion
$existingListeners = Get-WSManInstance -ResourceURI winrm/config/listener -Enumerate
if ($existingListeners | Where-Object { $_.Transport -eq "HTTPS" }) {
Write-Host "Failed to delete the existing HTTPS listener. Exiting script."
exit 1
}
# Create a new HTTPS listener
@ -24,11 +40,9 @@ Write-Host "Creating a new HTTPS listener..."
$listenerCmd = "winrm create winrm/config/Listener?Address=*+Transport=HTTPS '@{Hostname=`"hyperv-host.local`"; CertificateThumbprint=`"$certThumbprint`"}'"
Invoke-Expression $listenerCmd
# Set TrustedHosts to allow connections from the Ansible control node
# Replace "ansible_control_node_ip" with the IP address of your Ansible control node
$trustedHosts = "ansible_control_node_ip"
Write-Host "Setting TrustedHosts to $trustedHosts..."
winrm set winrm/config/client '@{TrustedHosts="' + $trustedHosts + '"}'
# Set TrustedHosts to allow connections from any IP address
Write-Host "Setting TrustedHosts to allow any IP address..."
winrm set winrm/config/client '@{TrustedHosts="*"}'
# Enable the firewall rule for WinRM over HTTPS
Write-Host "Enabling firewall rule for WinRM over HTTPS..."