mitchellh/vagrant-aws

Support using the EC2 GetPasswordData API as a means of getting the WinRM password

rafd123 opened this issue · 2 comments

Today, when provisioning a Windows AMI, the WinRM username/password needs to be hard-coded and well known prior to performing a vagrant up.

It'd be nice if there was a way to have the vagrant-aws plugin dynamically fetch the EC2-generated administrator password (via GetPasswordData) to be used to authenticate to Windows AMIs via WinRM.

It seems like with this functionality, Windows AMIs would have some parity with Linux AMIs with respect to shell authentication.

Here is my attempt. I'm having trouble with WinRM timing out and not being able to establish a connection with the booted instance on EC2.

I have created a security group called 'vagrant' which opens WinRM ports.

```ruby
# -*- mode: ruby -*-
# vi: set ft=ruby :
Vagrant.configure("2") do |config|
  # Enable dotEnv
  config.env.enable

  # Set default communicator
  config.vm.communicator = 'winrm'

  config.winrm.username = 'Administrator'

  config.vm.provider :aws do |aws, override|
    aws.security_groups = ['vagrant']
    aws.access_key_id = ENV['AWS_ACCESS_KEY']
    aws.secret_access_key = ENV['AWS_SECRET_KEY']
    aws.keypair_name = "vagrant-ec2"

    # Windows Server 2012 with SQL Server Web
    aws.ami = "ami-41fca024"
    aws.instance_type = "m3.medium"

    aws.tags = {
      "Name" => "EC2 Windows 2012 R2 Instance",
    }

    override.vm.box = "dummy"
    override.vm.box_url = "https://github.com/mitchellh/vagrant-aws/raw/master/dummy.box"

    # Figured this was an easy way of getting the instance ID.
    # The id file only exists once the instance has been created.
    id_file = ".vagrant/machines/default/aws/id"
    instance_id = File.read(id_file).strip if File.exist?(id_file)

    override.winrm.username = 'Administrator'

    # Using the EC2 CLI I can get the password for the instance.
    # Backticks capture the command's output; `exec` would replace the
    # Vagrant process instead of returning the password.
    if instance_id
      override.winrm.password = `ec2-get-password -k ./vagrant-ec2.pem #{instance_id}`.strip
    end
  end
end
```

@shaned24 Cool!

I'd love this functionality to be built into the vagrant-aws plugin.

Towards this end, here's my attempt at augmenting the vagrant-aws plugin with another plugin (I wrote it yesterday and published it this morning): https://github.com/rafd123/vagrant-aws-winrm

I'd love any feedback (particularly since I'm new to Ruby, let alone vagrant plugin development).

If this holds water, the next action would be to submit a vagrant-aws pull request with the same functionality.
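For reference, an added example (not code from this thread or from either plugin): EC2 returns `PasswordData` as Base64 text holding the administrator password encrypted to the launch key pair's public key with RSA PKCS#1 v1.5, and as an empty string until the password has been generated. The Ruby below decrypts it locally so the password never has to be written into the Vagrantfile; the key and response are constructed in-process, and `decrypt_password_data`, `wait_for_password`, `constructed_sample` and the `fetch` callable are hypothetical names standing in for the real API call.

```ruby
require 'openssl'

SAMPLE_PASSWORD = 'Constructed-Passw0rd!' # constructed value, not a real credential

# Decrypts the PasswordData field of a GetPasswordData response.
# Returns nil while EC2 has not generated the password yet (empty field).
def decrypt_password_data(password_data, private_key_pem)
  blob = password_data.to_s.gsub(/\s+/, '') # responses may carry CR/LF wrapping
  return nil if blob.empty?

  key = OpenSSL::PKey::RSA.new(private_key_pem)
  raise ArgumentError, 'key pair file holds no private key' unless key.private?

  ciphertext = blob.unpack1('m') # Base64 decode
  # An RSA ciphertext is exactly as long as the key modulus; anything else
  # means a truncated response or a key of a different size.
  unless ciphertext.bytesize == key.n.num_bytes
    raise ArgumentError, 'PasswordData length does not match the key size'
  end

  key.private_decrypt(ciphertext, OpenSSL::PKey::RSA::PKCS1_PADDING)
end

# Polls until the password is available. `fetch` is any callable returning
# the current PasswordData string (assumption: it wraps the real API call).
def wait_for_password(fetch, private_key_pem, attempts: 5, delay: 0)
  attempts.times do
    password = decrypt_password_data(fetch.call, private_key_pem)
    return password if password

    sleep delay
  end
  nil
end

# Builds a constructed key pair and the PasswordData EC2 would return for it.
def constructed_sample
  key = OpenSSL::PKey::RSA.generate(2048)
  [key.to_pem, [key.public_encrypt(SAMPLE_PASSWORD)].pack('m0')]
end

if __FILE__ == $PROGRAM_NAME
  pem, data = constructed_sample
  responses = ['', '', data] # instance still booting, then password ready
  puts wait_for_password(-> { responses.shift }, pem)
end
```

Against a real instance the password can take several minutes after launch to appear, so the polling delay should be seconds rather than the zero used for the offline run.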