You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@brooklyn.apache.org by "Aled Sage (JIRA)" <ji...@apache.org> on 2017/05/30 08:59:04 UTC
[jira] [Resolved] (BROOKLYN-509) "winrm.useHttps" usage fails
inside provisioning.properties: uses http port
[ https://issues.apache.org/jira/browse/BROOKLYN-509?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Aled Sage resolved BROOKLYN-509.
--------------------------------
Resolution: Fixed
Fix Version/s: 0.12.0
> "winrm.useHttps" usage fails inside provisioning.properties: uses http port
> ---------------------------------------------------------------------------
>
> Key: BROOKLYN-509
> URL: https://issues.apache.org/jira/browse/BROOKLYN-509
> Project: Brooklyn
> Issue Type: Bug
> Affects Versions: 0.11.0
> Reporter: Aled Sage
> Fix For: 0.12.0
>
>
> As Yavor observed, if you use {{winrm.useHttps: true}} inside an entity's {{provisioning.properties}} rather than in the location's config, then Brooklyn will incorrectly choose the loginPort 5985 (instead of 5986). However, {{winrm.useHttps}} is correctly passed through to winrm4j.
> This leads to a subsequent error like:
> {noformat}
> Caused by: javax.net.ssl.SSLException: SSLException invoking https://52.174.190.96:5985/wsman: Unrecognized SSL message, plaintext connection?
> at sun.reflect.GeneratedConstructorAccessor163.newInstance(Unknown Source) ~[na:na]
> at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source) ~[na:1.8.0_121]
> at java.lang.reflect.Constructor.newInstance(Unknown Source) ~[na:1.8.0_121]
> at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.mapException(HTTPConduit.java:1385) ~[cxf-rt-transports-http-3.1.10.jar:3.1.10]
> at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1369) ~[cxf-rt-transports-http-3.1.10.jar:3.1.10]
> at org.apache.cxf.transport.http.asyncclient.AsyncHTTPConduit$AsyncWrappedOutputStream.close(AsyncHTTPConduit.java:415) ~[cxf-rt-transports-http-hc-3.1.10.jar:3.1.10]
> {noformat}
> All subsequent attempts to use WinRM with the VM fail because it's using the http port, expecting it to be https!
> The workaround is to put the {{winrm.useHttps: true}} inside the location's configuration, rather than in the entity's provisioning.properties.
> ----
> An example blueprint is:
> {noformat}
> location:
> jclouds:azurecompute-arm:
> identity: xxxxxxxx
> credential: xxxxxxxx
> endpoint: https://management.azure.com/subscriptions/xxxxxxxx
> oauth.endpoint: https://login.microsoftonline.com/xxxxxxxx/oauth2/token
> jclouds.azurecompute.arm.publishers: MicrosoftWindowsServer
> jclouds.azurecompute.operation.timeout: 120000
> jclouds.compute.resourcename-prefix: xxxx
> osFamily: windows
> imageId: westeurope/MicrosoftWindowsServer/WindowsServer/2008-R2-SP1
> region: westeurope
> vmNameMaxLength: 15
> useJcloudsSshInit: false
> destroyOnFailure: false
> templateOptions:
> overrideLoginUser: azureuser
> overrideLoginPassword: "aiji39fjD3jidRwe3&43"
> secrets:
> - sourceVault:
> id: /subscriptions/xxxxxxxx/resourceGroups/jclouds-westeurope/providers/Microsoft.KeyVault/vaults/xxxxKV1
> vaultCertificates:
> - certificateUrl: "https://xxxxkv1.vault.azure.net/secrets/XxxxCert/xxxxxxxx"
> certificateStore: My
> windowsConfiguration:
> provisionVMAgent: true
> winRM:
> listeners:
> - protocol: http
> - protocol: https
> certificateUrl: https://xxxxv1.vault.azure.net/secrets/XxxxCert/xxxxxxxx
> additionalUnattendContent: null
> services:
> - type: org.apache.brooklyn.entity.software.base.VanillaWindowsProcess
> brooklyn.config:
> install.command: echo true
> launch.command: echo true
> stop.command: echo true
> checkRunning.command: echo true
> provisioning.properties:
> winrm.useHttps: true
> {noformat}
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)