Aled Sage created BROOKLYN-509:
----------------------------------

             Summary: "winrm.useHttps" usage fails inside provisioning.properties: uses http port
                 Key: BROOKLYN-509
                 URL: https://issues.apache.org/jira/browse/BROOKLYN-509
             Project: Brooklyn
          Issue Type: Bug
    Affects Versions: 0.11.0
            Reporter: Aled Sage


As Yavor observed, if you use {{winrm.useHttps: true}} inside an entity's 
{{provisioning.properties}} rather than in the location's config, then Brooklyn 
will incorrectly choose the loginPort 5985 (instead of 5986). However, 
{{winrm.useHttps}} is correctly passed through to winrm4j.

This leads to a subsequent error like:

{noformat}
Caused by: javax.net.ssl.SSLException: SSLException invoking https://52.174.190.96:5985/wsman: Unrecognized SSL message, plaintext connection?
        at sun.reflect.GeneratedConstructorAccessor163.newInstance(Unknown Source) ~[na:na]
        at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source) ~[na:1.8.0_121]
        at java.lang.reflect.Constructor.newInstance(Unknown Source) ~[na:1.8.0_121]
        at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.mapException(HTTPConduit.java:1385) ~[cxf-rt-transports-http-3.1.10.jar:3.1.10]
        at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1369) ~[cxf-rt-transports-http-3.1.10.jar:3.1.10]
        at org.apache.cxf.transport.http.asyncclient.AsyncHTTPConduit$AsyncWrappedOutputStream.close(AsyncHTTPConduit.java:415) ~[cxf-rt-transports-http-hc-3.1.10.jar:3.1.10]
{noformat}

All subsequent attempts to use WinRM with the VM fail because it's using the 
http port, expecting it to be https!

The workaround is to put the {{winrm.useHttps: true}} inside the location's 
configuration, rather than in the entity's provisioning.properties.

----
An example blueprint is:

{noformat}
location:
  jclouds:azurecompute-arm:
      identity: xxxxxxxx
      credential: xxxxxxxx
      endpoint: https://management.azure.com/subscriptions/xxxxxxxx
      oauth.endpoint: https://login.microsoftonline.com/xxxxxxxx/oauth2/token
      jclouds.azurecompute.arm.publishers: MicrosoftWindowsServer
      jclouds.azurecompute.operation.timeout: 120000

      jclouds.compute.resourcename-prefix: xxxx

      osFamily: windows 
      imageId: westeurope/MicrosoftWindowsServer/WindowsServer/2008-R2-SP1
      region: westeurope
      vmNameMaxLength: 15
      useJcloudsSshInit: false
      destroyOnFailure: false

      templateOptions:
        overrideLoginUser: azureuser
        overrideLoginPassword: "aiji39fjD3jidRwe3&43"
        secrets:
        - sourceVault:
            id: /subscriptions/xxxxxxxx/resourceGroups/jclouds-westeurope/providers/Microsoft.KeyVault/vaults/xxxxKV1
          vaultCertificates:
          - certificateUrl: "https://xxxxkv1.vault.azure.net/secrets/XxxxCert/xxxxxxxx"
            certificateStore: My
        windowsConfiguration:
          provisionVMAgent: true
          winRM:
            listeners:
            - protocol: http
            - protocol: https
              certificateUrl: https://xxxxv1.vault.azure.net/secrets/XxxxCert/xxxxxxxx
          additionalUnattendContent: null

services:
- type: org.apache.brooklyn.entity.software.base.VanillaWindowsProcess
  brooklyn.config:
    install.command: echo true
    launch.command: echo true
    stop.command: echo true
    checkRunning.command: echo true
    provisioning.properties:
      winrm.useHttps: true
{noformat}




--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
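
A pre-deployment and log check for the misconfiguration described in this issue, as an added example (not Brooklyn code and not part of the original report). The function names, the dict form of the parsed blueprint and the sample log line are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Default WinRM listener ports, as in the report: 5985 = http, 5986 = https.
PORT_SCHEME = {5985: "http", 5986: "https"}

def _enabled(value):
    # YAML may deliver the flag as a bool or as the string "true".
    return str(value).strip().lower() == "true"

def misplaced_use_https(blueprint):
    """Service types that set winrm.useHttps only in provisioning.properties."""
    location = blueprint.get("location")
    configs = location.values() if isinstance(location, dict) else []
    in_location = any(isinstance(c, dict) and _enabled(c.get("winrm.useHttps"))
                      for c in configs)
    hits = []
    for svc in blueprint.get("services", []):
        props = svc.get("brooklyn.config", {}).get("provisioning.properties", {})
        if _enabled(props.get("winrm.useHttps")) and not in_location:
            hits.append(svc.get("type", "<unknown>"))
    return hits

def scheme_port_mismatches(log_text):
    """(url, expected_scheme) for wsman URLs whose scheme contradicts the port."""
    found = []
    for url in re.findall(r"https?://[^\s/:]+:\d+/wsman", log_text):
        parts = urlsplit(url)
        expected = PORT_SCHEME.get(parts.port)
        if expected and expected != parts.scheme:
            found.append((url, expected))
    return found

# Constructed inputs: a parsed blueprint shaped like the one in the report,
# and a log line using a documentation-range address.
BLUEPRINT = {
    "location": {"jclouds:azurecompute-arm": {"osFamily": "windows"}},
    "services": [{
        "type": "org.apache.brooklyn.entity.software.base.VanillaWindowsProcess",
        "brooklyn.config": {"provisioning.properties": {"winrm.useHttps": True}},
    }],
}
LOG = "SSLException invoking https://192.0.2.10:5985/wsman: Unrecognized SSL message"

if __name__ == "__main__":
    print(misplaced_use_https(BLUEPRINT))
    print(scheme_port_mismatches(LOG))
```

A blueprint that applies the workaround (the flag in the location's configuration) produces no findings from the first check.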
