From 2ae6fed88a7c627f152f022de72107b6f8cf3b51 Mon Sep 17 00:00:00 2001
From: Daniel Wallace
Date: Fri, 7 Jul 2017 10:41:37 -0600
Subject: [PATCH] allow not verifying ssl winrm saltcloud

Required for Self Signed Certs on pywinrm>=0.2.1
---
 salt/cloud/clouds/ec2.py | 6 +++++-
 salt/utils/cloud.py | 25 ++++++++++++++++++-------
 2 files changed, 23 insertions(+), 8 deletions(-)

diff --git a/salt/cloud/clouds/ec2.py b/salt/cloud/clouds/ec2.py
index afca0f904d..ecbdf1b082 100644
--- a/salt/cloud/clouds/ec2.py
+++ b/salt/cloud/clouds/ec2.py
@@ -2328,6 +2328,9 @@ def wait_for_instance(
 use_winrm = config.get_cloud_config_value(
 'use_winrm', vm_, __opts__, default=False
 )
+ winrm_verify_ssl = config.get_cloud_config_value(
+ 'winrm_verify_ssl', vm_, __opts__, default=True
+ )
 if win_passwd and win_passwd == 'auto':
 log.debug('Waiting for auto-generated Windows EC2 password')
@@ -2399,7 +2402,8 @@ def wait_for_instance(
 winrm_port,
 username,
 win_passwd,
- timeout=ssh_connect_timeout):
+ timeout=ssh_connect_timeout,
+ verify=winrm_verify_ssl):
 raise SaltCloudSystemExit(
 'Failed to authenticate against remote windows host'
 )
diff --git a/salt/utils/cloud.py b/salt/utils/cloud.py
index cd6d59e9b5..19ebcf48f8 100644
--- a/salt/utils/cloud.py
+++ b/salt/utils/cloud.py
@@ -500,7 +500,10 @@ def bootstrap(vm_, opts):
 'winrm_port', vm_, opts, default=5986
 )
 deploy_kwargs['winrm_use_ssl'] = salt.config.get_cloud_config_value(
- 'winrm_use_ssl', vm_, opts, default=True
+ 'winrm_use_ssl', vm_, opts, default=True
+ )
+ deploy_kwargs['winrm_verify_ssl'] = salt.config.get_cloud_config_value(
+ 'winrm_verify_ssl', vm_, opts, default=True
 )
 # Store what was used to the deploy the VM
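Review bot: The `winrm_verify_ssl` value read in wait_for_instance (hunk `@@ -2328`) is passed on without being normalised to a boolean, while wait_for_winrm in salt/utils/cloud.py switches validation off with `if not verify:`. Any falsy value therefore disables certificate checking, presumably including the `None` a profile yields when the key is written with no value, so a configuration slip fails open on the connection that carries `win_passwd`. Testing the explicit opt-out instead, `if verify is False:`, keeps validation on unless the operator clearly asked otherwise. The same applies to the value bootstrap() stores in `deploy_kwargs['winrm_verify_ssl']` in hunk `@@ -500`. wait_for_instance's body starts and ends outside the hunk.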
@@ -826,7 +829,7 @@ def wait_for_winexesvc(host, port, username, password, timeout=900):
 )
-def wait_for_winrm(host, port, username, password, timeout=900, use_ssl=True):
+def wait_for_winrm(host, port, username, password, timeout=900, use_ssl=True, verify=True):
 '''
 Wait until WinRM connection can be established.
 '''
@@ -836,14 +839,20 @@ def wait_for_winrm(host, port, username, password, timeout=900, use_ssl=True):
 host, port
 )
 )
+ transport = 'ssl'
+ if not use_ssl:
+ transport = 'plaintext'
 trycount = 0
 while True:
 trycount += 1
 try:
- transport = 'ssl'
- if not use_ssl:
- transport = 'plaintext'
- s = winrm.Session(host, auth=(username, password), transport=transport)
+ winrm_kwargs = {'target': host,
+ 'auth': (username, password),
+ 'transport': transport}
+ if not verify:
+ log.debug("SSL validation for WinRM disabled.")
+ winrm_kwargs['server_cert_validation'] = 'ignore'
+ s = winrm.Session(**winrm_kwargs)
 if hasattr(s.protocol, 'set_timeout'):
 s.protocol.set_timeout(15)
 log.trace('WinRM endpoint url: {0}'.format(s.url))
@@ -991,6 +1000,7 @@ def deploy_windows(host,
 use_winrm=False,
 winrm_port=5986,
 winrm_use_ssl=True,
+ winrm_verify_ssl=True,
 **kwargs):
 '''
 Copy the install files to a remote Windows box, and execute them
@@ -1017,7 +1027,8 @@ def deploy_windows(host,
 if HAS_WINRM and use_winrm:
 winrm_session = wait_for_winrm(host=host, port=winrm_port,
 username=username, password=password,
- timeout=port_timeout * 60, use_ssl=winrm_use_ssl)
+ timeout=port_timeout * 60, use_ssl=winrm_use_ssl,
+ verify=winrm_verify_ssl)
 if winrm_session is not None:
 service_available = True
 else:
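Review bot: The docstring of wait_for_winrm (hunk `@@ -826`) still says only "Wait until WinRM connection can be established." although the signature gains the security-relevant `verify` parameter. I would document it with a line such as `verify: when False the server certificate is not validated (server_cert_validation='ignore'); use only for self-signed certificates on networks you trust`, and state that the default is True. The docstring of deploy_windows, which gains the matching `winrm_verify_ssl` keyword in hunk `@@ -991`, could carry the same sentence. Both docstrings continue outside their hunks.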
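Review bot: Disabling certificate validation in wait_for_winrm (hunk `@@ -836`) is reported only through `log.debug("SSL validation for WinRM disabled.")` inside the retry loop, so at default log levels nothing records that the username and password went to an unauthenticated endpoint. I would raise this to a warning that names the host and emit it once before `while True:`, for example `log.warning('WinRM server certificate validation is disabled for %s', host)`. For self-signed deployments, a trust-anchor option (pywinrm accepts `ca_trust_path`) would let operators keep validation on rather than ignore it. The `server_cert_validation` keyword is presumably understood only by newer pywinrm releases (the commit message names >=0.2.1); how an older `winrm.Session` rejecting it is handled depends on the except clause, which lies outside the hunk.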