do not use winrm if not running (#3520)
Fixes #3518
Fixes #3519

---------

Co-authored-by: freddydk <[email protected]>
freddydk and freddydk authored Apr 29, 2024
1 parent 83b96ae commit 9db0c66
Showing 6 changed files with 46 additions and 22 deletions.
14 changes: 12 additions & 2 deletions BC.HelperFunctions.ps1
Expand Up @@ -16,8 +16,7 @@ function Get-ContainerHelperConfig {
"usePsSession" = $true
"usePwshForBc24" = $true
"useSslForWinRmSession" = $true
"tryWinRmSession" = $isPsCore -or !$isAdministrator
"alwaysUseWinRmSession" = $false
"useWinRmSession" = "allow" # allow, always, never
"addTryCatchToScriptBlock" = $true
"killPsSessionProcess" = $false
"useVolumes" = $false
Expand Down Expand Up @@ -192,6 +191,17 @@ function Get-ContainerHelperConfig {
}
}

if ($bcContainerHelperConfig.useWinRmSession -ne 'never') {
# useWinRmSession should be never if the service isn't running
$service = get-service WinRm -erroraction SilentlyContinue
if ($service -and $service.Status -ne "Running") {
if (!$Silent) {
Write-Host "WinRM service is not running, will not try to use WinRM sessions"
}
$bcContainerHelperConfig.useWinRmSession = 'never'
}
}

Export-ModuleMember -Variable bcContainerHelperConfig
}
return $bcContainerHelperConfig
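Review bot: The new WinRM guard only downgrades `useWinRmSession` to 'never' when `get-service` returns a service object that is not running; when the lookup returns nothing (service absent, error suppressed by `-erroraction SilentlyContinue`), the setting stays at 'allow' or 'always' and later code will still attempt WinRM. If a missing service should be treated like a stopped one, the test would read `if (-not $service -or $service.Status -ne "Running") {`. The value is also never checked against the three documented strings, so a misspelled setting passes every `-ne 'never'` test and behaves as 'allow', including the branch that configures WinRM inside new containers; a check against `'allow','always','never'` with a warning would make that visible. Get-ContainerHelperConfig starts and ends outside the visible hunks.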
12 changes: 7 additions & 5 deletions BcContainerHelper.psm1
Expand Up @@ -17,11 +17,13 @@ param(
if ($isMacOS) {
throw "BcContainerHelper isn't supported on MacOS"
}
elseif ($isLinux) {
Write-Host "Running on Linux, PowerShell $($PSVersionTable.PSVersion)"
}
else {
Write-Host "Running on Windows, PowerShell $($PSVersionTable.PSVersion)"
elseif (!$silent) {
if ($isLinux) {
Write-Host "Running on Linux, PowerShell $($PSVersionTable.PSVersion)"
}
else {
Write-Host "Running on Windows, PowerShell $($PSVersionTable.PSVersion)"
}
}

if ($useVolumes -or $isInsideContainer) {
14 changes: 11 additions & 3 deletions ContainerHandling/Enter-NavContainer.ps1
Expand Up @@ -19,15 +19,23 @@ function Enter-BcContainer {

Process {
if ($bcContainerHelperConfig.usePsSession) {
$session = Get-BcContainerSession -containerName $containerName -silent
try {
$session = Get-BcContainerSession -containerName $containerName -silent
}
catch {
$session = $null
}
}
if ($session) {
Enter-PSSession -Session $session
if ($session.ComputerType -eq 'Container') {
Invoke-Command -Session $session -ScriptBlock {
function prompt {"[$env:COMPUTERNAME]: PS5 $($executionContext.SessionState.Path.CurrentLocation)$('>' * ($nestedPromptLevel + 1)) "}
}
}
} else {
Write-Host "UsePsSession is false, running Open-BcContainer instead"
}
else {
Write-Host "Could not create a session, running Open-BcContainer instead"
Open-BcContainer $containerName
}
}
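Review bot: The added `catch` discards the exception, so the reason session creation failed (for example the "cannot use WinRm" throw in Get-BcContainerSession) is never shown before the fallback to Open-BcContainer. Consider `catch { Write-Host "Get-BcContainerSession failed: $($_.Exception.Message)"; $session = $null }`. The fallback message "Could not create a session" is now also printed when `usePsSession` is false and no session was attempted. `$session` is not assigned before the first `if` in the visible lines, so a `$session = $null` at the top of `Process` would keep the later `if ($session)` from picking up a value from an outer scope. Enter-BcContainer begins outside the hunk.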
12 changes: 6 additions & 6 deletions ContainerHandling/Get-NavContainerSession.ps1
Expand Up @@ -16,8 +16,8 @@ function Get-BcContainerSession {
[CmdletBinding()]
Param (
[string] $containerName = $bcContainerHelperConfig.defaultContainerName,
[switch] $tryWinRmSession = $bccontainerHelperConfig.tryWinRmSession,
[switch] $alwaysUseWinRmSession = $bccontainerHelperConfig.alwaysUseWinRmSession,
[switch] $tryWinRmSession = ($bccontainerHelperConfig.useWinRmSession -ne 'never'),
[switch] $alwaysUseWinRmSession = ($bccontainerHelperConfig.useWinRmSession -eq 'always'),
[switch] $usePwsh = $bccontainerHelperConfig.usePwshForBc24,
[switch] $silent,
[switch] $reinit
Expand Down Expand Up @@ -60,7 +60,7 @@ function Get-BcContainerSession {
if ($isInsideContainer) {
$session = New-PSSession -Credential $bcContainerHelperConfig.WinRmCredentials -ComputerName $containerName -Authentication Basic -UseSSL -SessionOption (New-PSSessionOption -SkipCACheck -SkipCNCheck)
}
elseif ($isAdministrator -and !$bcContainerHelperConfig.alwaysUseWinRmSession) {
elseif ($isAdministrator -and !$alwaysUseWinRmSession) {
try {
$containerId = Get-BcContainerId -containerName $containerName
$session = New-PSSession -ContainerId $containerId -RunAsAdministrator -ErrorAction SilentlyContinue -ConfigurationName $configurationName
Expand All @@ -69,12 +69,12 @@ function Get-BcContainerSession {
}
if (!$session) {
if (!($alwaysUseWinRmSession -or $tryWinRmSession)) {
throw "Unable to create session for container $containerName (alwaysUseWinRmSession and tryWinRmSession are both false)"
throw "Unable to create session for container $containerName (cannot use WinRm)"

}
$useSSL = $bcContainerHelperConfig.useSslForWinRmSession
$UUID = (Get-CimInstance win32_ComputerSystemProduct).UUID
$credential = New-Object PSCredential -ArgumentList 'winrm', (ConvertTo-SecureString -string $UUID -AsPlainText -force)
$winRmPassword = "Bc$((Get-CimInstance win32_ComputerSystemProduct).UUID)!"
$credential = New-Object PSCredential -ArgumentList 'winrm', (ConvertTo-SecureString -string $winRmPassword -AsPlainText -force)
if ($useSSL) {
$sessionOption = New-PSSessionOption -Culture 'en-US' -UICulture 'en-US' -SkipCACheck -SkipCNCheck
$Session = New-PSSession -ConnectionUri "https://$($containerName):5986" -Credential $credential -Authentication Basic -SessionOption $sessionOption -ConfigurationName $configurationName
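Review bot: The WinRM password built in `$winRmPassword = "Bc$((Get-CimInstance win32_ComputerSystemProduct).UUID)!"` is still derived entirely from the host's hardware UUID, which is an identifier and not a secret; the fixed `Bc` prefix and `!` suffix help with password-complexity rules but add no unpredictability. The same formula is used in ContainerHandling/New-NavContainer.ps1 to create a `winrm` account that is added to the container's administrators group, and the session here uses Basic authentication with `-SkipCACheck -SkipCNCheck`, so the credential is effectively the only control on that endpoint. A random password generated per container at creation time, stored where only the creating user can read it, would remove the dependency on a guessable value. Containers created before this change presumably still carry the UUID-only password, so a comment such as `# password format changed; containers created by earlier versions must be recreated` near this line would save a confusing authentication failure.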
13 changes: 8 additions & 5 deletions ContainerHandling/New-NavContainer.ps1
Expand Up @@ -496,9 +496,11 @@ try {
if ($isInsideContainer) {
Write-Host "BcContainerHelper is running inside a Container"
}
Write-Host "UsePsSession is $($bcContainerHelperConfig.UsePsSession)"
Write-Host "UsePwshForBc24 is $($bcContainerHelperConfig.UsePwshForBc24)"
Write-Host "Host is $($os.Caption) - $hostOsVersion"
Write-Host "UsePsSession is $($bcContainerHelperConfig.usePsSession)"
Write-Host "UsePwshForBc24 is $($bcContainerHelperConfig.usePwshForBc24)"
Write-Host "UseWinRmSession is $($bcContainerHelperConfig.useWinRmSession)"
Write-Host "UseSslForWinRmSession is $($bcContainerHelperConfig.useSslForWinRmSession)"

$dockerProcess = (Get-Process "dockerd" -ErrorAction Ignore)
if (!($dockerProcess)) {
Expand Down Expand Up @@ -1598,15 +1600,16 @@ if (!$restartingInstance) {
}
') | Add-Content -Path "$myfolder\AdditionalSetup.ps1"
}
else {
$UUID = (Get-CimInstance win32_ComputerSystemProduct).UUID
elseif ($bcContainerHelperConfig.useWinRmSession -ne 'never') {
# UseWinRmSession is allow or always - add winrm configuration to container
$winRmPassword = "Bc$((Get-CimInstance win32_ComputerSystemProduct).UUID)!"
('
if (!$restartingInstance) {
Write-Host "Enable PSRemoting and setup user for winrm"
Enable-PSRemoting | Out-Null
Get-PSSessionConfiguration | Out-null
pwsh.exe -Command "Enable-PSRemoting -WarningAction SilentlyContinue | Out-Null; Get-PSSessionConfiguration | Out-Null"
$credential = New-Object PSCredential -ArgumentList "winrm", (ConvertTo-SecureString -string "'+$UUID+'" -AsPlainText -force)
$credential = New-Object PSCredential -ArgumentList "winrm", (ConvertTo-SecureString -string "'+$winRmPassword+'" -AsPlainText -force)
New-LocalUser -AccountNeverExpires -PasswordNeverExpires -FullName $credential.UserName -Name $credential.UserName -Password $credential.Password | Out-Null
Add-LocalGroupMember -Group administrators -Member $credential.UserName | Out-Null
winrm set winrm/config/service/Auth ''@{Basic="true"}'' | Out-Null
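Review bot: The generated setup text receives the WinRM password as a plaintext literal (`-string "'+$winRmPassword+'"`), and the sibling branch above appends its text to `$myfolder\AdditionalSetup.ps1`, so if this branch is written the same way the credential of a container administrator account stays on disk for as long as that file exists. If the file is not needed after first start, the generated block could remove the line once the user is created; at minimum add `# NOTE: AdditionalSetup.ps1 will contain the winrm account password in clear text` above the string literal and make sure the folder is not shared more widely than intended. The block also turns on Basic auth with `winrm set winrm/config/service/Auth` before any check of `useSslForWinRmSession` that is visible here, which is worth confirming in the lines that follow. The surrounding if/elseif chain starts and ends outside the hunk.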
3 changes: 2 additions & 1 deletion ContainerHandling/Remove-NavContainer.ps1
Expand Up @@ -62,7 +62,8 @@ try {
. (Join-Path $PSScriptRoot "updatehosts.ps1") -hostsFile "c:\windows\system32\drivers\etc\hosts" -theHostname $tenantHostname -theIpAddress ""
}

if ($isAdministrator) {
if ($isAdministrator -and ($bcContainerHelperConfig.useWinRmSession -ne 'never') -and (-not $bccontainerHelperConfig.useSslForWinRmSession)) {
# If not using SSL for WinRm, we need to remove the container from the trusted hosts
try {
[xml]$conf = winrm get winrm/config/client -format:pretty
$trustedHosts = $conf.Client.TrustedHosts.Split(',')
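Review bot: The TrustedHosts cleanup is now gated on the configuration at removal time, not on how the container was created, so a stale entry can be left behind. That happens when a container that was added to TrustedHosts is removed after `useWinRmSession` has become 'never' (which Get-ContainerHelperConfig now sets automatically when the WinRM service is stopped) or after `useSslForWinRmSession` has been switched on. Stale entries matter because the WinRM client keeps treating that host name as trusted for connections without certificate-based server authentication. Since the body is already inside `try`, keeping the original `if ($isAdministrator) {` and letting a failed `winrm get` be handled by the matching catch (presumably just outside the hunk) looks like the smaller risk; the alternative is to record per container whether an entry was added. The try block continues past the end of the hunk.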
