This adds two new SSH configuration options:
- `keys_only`
- `paranoid`
These values were previously hard-coded, but can now be user-specified.
Fixes GH-4275
This fixes a fairly large tempfile leak. Vagrant uses a template
renderer to write network configuration files locally to disk. Then,
that temporarily file is uploaded to the remote host and moved into
place. Since Vagrant is such a short-lived process, GC never came along
and cleaned up those tempfiles, resulting in many temporary files being
created through regular Vagrant usage.
The Util::Tempfile class uses a block to ensure the temporary file is
deleted when the block finishes. This API required small tweaks to the
usage, but provides more safety to ensure the files are deleted.
Starting with PowerShell 5, the progress bar can be observed via the
Write-Progress cmdlet. From WinRM, this appears as a stderr output.
Vagrant assumes that there is error if output appears on stderr.
This terminates various scripts which previously executed successfully
in Vagrant (prior to Windows 10).
This fix injects a variable assignment at various points of the script
execution process to disable display of the progress bar.
This changes the ssh ready? method to treat ENETUNREACH the same way as
EHOSTUNREACH errors.
When attempting to SSH into a box, it tries up to 5 times to connect to
the box, ignoring various errors. Later it will catch and gracefully
handle most of those errors so that callers don't have to know the
details.
However, the Errno::ENETUNREACH error is not caught, which means that
callers that expect a clean boolean return from ready? don't get that,
and instead get an exception they probably aren't expecting.
We gained a ton of improvemnts to WinRM error handling in
https://github.com/mitchellh/vagrant/pull/4943, but we also got one bug.
The new code raises an exception when `winrm_info` does not return right
away. This was preventing us from catching the retry/timout logic that's
meant to wait until boot_timeout for the WinRM communicator to be ready.
This restores the proper behavior by rescuing the WinRMNotReady
exception and continuing to retry until the surrounding timeout fires.
Adds a configurable value for WinRm and the elevated permission shell ExecutionTimeLimit.
Please see mitchellh/vagrant#5506
Ex: config.winrm.execution_time_limit = "P1D"
Leaving around plaintext username and passwords in a script on a box isn't the best from a security standpoint. This change ensures the scheduled task wrapper script for WinRM doesn't leave these around on the box, and instead passes them to the script as arguments.
StopOnIdleEnd was set in the task definition for elevated/privileged
windows guest scripts. This setting:
> specifies that the task stops when the idle condition ceases to be true [1]
The "idle condition" is something that Windows periodically checks for,
and it's defined by a bunch of criteria like user presence/absence, CPU
/ IO idle time, etc. [2]
Telling our provisioner to stop the task if the "idle condition" ceases
to be true is a recipe for some sporadically stopped tasks, which seems
like precisely the behavior being reported in #5362.
I'm pretty sure this fixes#5362
[1] https://msdn.microsoft.com/en-us/library/cc248332.aspx
[2] https://msdn.microsoft.com/en-us/library/windows/desktop/aa383561%28v=vs.85%29.aspx
In the situation where the SSH key has invalid permissions/owner, the reconnect-loop keeps failing repeatedly yet stays silent about the reasons. A message must be reported from the default exception handler (added). In addition, the situations where the SSH key owner or permissions are wrong must lead to a proper failure (added). Ideally, though, the owner/permissions check must happen before launching the VM, hence this is not a perfect fix.
With this change, any caller of machine.ssh_info is assured that best
efforts will be done to fix possible wrong permissions on the private
key files.
Fix#4652
When the winrm communicator executes a command in an elevated shell,
this patch causes it to escape double quotes.
This is necessary as the first line in the file that it produces and
then executes it puts the command into a variable called command that
is delimited by double quotes.
Command failures include the stdout and stderr in the error message just like the SSH communicator.
Its now possible to specify only an error_class and have that use the correct error_key by default.
Running Windows guest commands through a scheduled task were not returning the correct exit codes, they were only returning 1 or 0. This has negative consequences especially for Puppet which can return an exit code of 2 for partial success.
Since we're running an executable from inside a powershell encoded command we need to ensure we explicitly propagate the exit code to the original caller just like a regular PowerShell script - in this case cmd /c which in return is called from a scheduled task.
Elevated command line is now rendered to a script which is uploaded to the guest and executed. This allows the command line itself to be less than 100 chars to start the script and any user commands are puts into the script which has unlimited* length.
The logic used to read the file contents sometimes would leave lines behind unread. It now defaults to reading all lines and counts each line it has actually read.
This script creates an immediately run scheduled task using fresh credentials. This is a generic implementation used by the Chef provisioners. The script gets around several limitations in WinRM.
1. Credential hopping
2. The non-default Administrator account sometimes doesn't have true Administrator access when run through WinRM even with UAC disabled.
In short, this script allows commands to run through WinRM just as if they were run directly on the box.
Seth Vargo
Matt Wrock
Eli Skeggs
Mitchell Hashimoto
Mitchell Hashimoto
Seng Lin Shee
Clayton O'Neill
matthewcodes
Dan Dunckel
Marc Siegfriedt
Paul Hinze
Jeremy Roberts
Arlo Louis O'Keeffe
Bob
Shawn Neal
Aaron Quint
Paul Hinze
Max Lincoln
Vít Ondruch
Peter Ericson
Konstantin Tretyakov
Gilles Cornu
Nicolas Philippe
Leo Simons
Stefan Scherer
William E. Triest. III
Richard Guin
jdmulloy
Kalman Hazins