Unable to parse authorization header. Headers: McAfee Web Gateway

Time: 2020-12-05 00:25:22

I am trying to spin up an AWS EC2 Windows 2016/2012R2 server using Kitchen create with a defined YAML configuration, but during the process it waits to connect to the remote EC2 machine using wsman (http://:5985/wsman) and fails after the timeout.


Please find the code from the kitchen.local.yml file below:


---
driver:
  name: ec2
  security_group_ids: ["sg-1234jh21"]
  region: us-east-1
  require_chef_omnibus: true
  instance_type: t2.micro
  aws_ssh_key_id: chef
  subnet_id: subnet-1234jsg
  retryable_sleep: 5
  retryable_tries: 360
  shared_credentials_profile: saml
  associate_public_ip: false
  tags: {
    Name: "windows2016",
    Owner: "ABC",
    Account Code: "ABC",
    Dept: "ABC"
   }

transport:
  #name: winrm
  #ssh_key: C:\Users\username\.ssh\chef.pem
  #retryable_tries: 200
  #retryable_sleep: 8
  #connection_timeout: 90
  # elevated: true
  username: testkitchen
  password: xxxxxxxx

verifier:
  name: inspec

provisioner:
  name: chef_zero

platforms:
  - name: windows-2016
    driver:
      image_id: ami-******
      user_data: |
        <powershell>
        $logfile="C:\Users\testkitchen\kitchen-ec2.log"
        # Allow script execution
        Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force
        #PS Remoting and & winrm.cmd basic config
        Enable-PSRemoting -Force -SkipNetworkProfileCheck
        & winrm.cmd set winrm/config '@{MaxTimeoutms="1800000"}' >> $logfile
        & winrm.cmd set winrm/config/winrs '@{MaxMemoryPerShellMB="1024"}' >> $logfile
        & winrm.cmd set winrm/config/winrs '@{MaxShellsPerUser="50"}' >> $logfile
        #Server settings - support username/password login
        & winrm.cmd set winrm/config/service/auth '@{Basic="true"}' >> $logfile
        & winrm.cmd set winrm/config/service '@{AllowUnencrypted="true"}' >> $logfile
        & winrm.cmd set winrm/config/winrs '@{MaxMemoryPerShellMB="1024"}' >> $logfile
        #Firewall Config
        & netsh advfirewall firewall set rule name="Windows Remote Management (HTTP-In)" profile=public protocol=tcp localport=5985 remoteip=localsubnet new remoteip=any  >> $logfile
        "Disabling Complex Passwords" >> $logfile
        $seccfg = [IO.Path]::GetTempFileName()
        & secedit.exe /export /cfg $seccfg >> $logfile
        (Get-Content $seccfg) | Foreach-Object {$_ -replace "PasswordComplexity\s*=\s*1", "PasswordComplexity = 0"} | Set-Content $seccfg
        & secedit.exe /configure /db $env:windir\security\new.sdb /cfg $seccfg /areas SECURITYPOLICY >> $logfile
        & cp $seccfg "c:\"
        & del $seccfg
        $username="testkitchen"
        $password="xxxxxxxxx"
        "Creating static user: $username" >> $logfile
        & net.exe user /y /add $username $password >> $logfile
        "Adding $username to Administrators" >> $logfile
        & net.exe localgroup Administrators /add $username >> $logfile
        Set-ItemProperty -Name LocalAccountTokenFilterPolicy -Path HKLM:\software\Microsoft\Windows\CurrentVersion\Policies\system -Value 1
        </powershell>
    driver_config:
      log_level: debug
      guest: windows
      communicator: 'winrm'

suites:
  - name: default
    run_list:
      - recipe[windows::default]
    attributes:

Error message-


2018/02/02 10:19:10Z: Message: Windows is Ready to use

       EC2 instance <i-xxxxxxxxxxxx> ready.
D      [WinRM] <{:endpoint=>"http://<ip>:5985/wsman", :user=>"testkitchen", :password=>"xxxxxxx", :transport=>:negotiate, :elevated_username=>"testkitchen", :elevated_password=>"xxxxxxxx", :no_ssl_peer_verification=>true, :disable_sspi=>false, :basic_auth_only=>false}> (Write-Host '[WinRM] Established
')
D      [WinRM] opening remote shell on http://<ip>:5985/wsman
D      [WinRM] opening remote shell on http://<ip>:5985/wsman

I, [2018-02-01T22:13:18.894201 #2052]  INFO -- Kitchen: -----> Starting Kitchen (v1.19.2)
I, [2018-02-01T22:13:32.925614 #2052]  INFO -- Kitchen: -----> Creating <default-windows-2012r2>...
E, [2018-02-01T22:29:02.938333 #2052] ERROR -- Kitchen: ------Exception-------
E, [2018-02-01T22:29:02.938333 #2052] ERROR -- Kitchen: Class: Kitchen::ActionFailed
E, [2018-02-01T22:29:02.938333 #2052] ERROR -- Kitchen: Message: 1 actions failed.
>>>>>>     Failed to complete #create action: [Unable to parse authorization header. Headers: {"Via"=>"1.1 10.158.11.157 (McAfee Web Gateway 7.6.2.16.0.24166)", "Date"=>"Thu, 01 Feb 2018 16:55:20 GMT", "Content-Type"=>"text/html", "Cache-Control"=>"no-cache", "Content-Length"=>"2663", "Proxy-Connection"=>"Keep-Alive", "Proxy-Authenticate"=>"Basic realm=\"McAfee Web Gateway\""}
Body: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<!-- FileName: index.html
     Language: [en]
-->
<!--Head-->
<head>
  type="text/javascript" ></script>
  <link rel="stylesheet" href="/mwg-internal/gfddsdfd/files/default/stylesheet.css" />
</head>
<!--/Head-->
  <tr>
    <td class='footData'>
      generated <span id="time">2018-02-01 22:25:20</span> by McAfee Web Gateway
      <br />
      Ruby WinRM Client (2.8.3, ruby 2.4.2)
    </td>
  </tr>

1 solution

#1


0  

From the Chef side of things, you appear to have some kind of corporate internet proxy that is rejecting Chef's HTTP requests. The UA header is not configurable so you'll have to fix this on the gateway (but honestly you probably can't).
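
The diagnosis above can be read off the headers in the error: the reply carries `Via` and `Proxy-Authenticate`, not the `WWW-Authenticate` challenge a WinRM listener sends. The Ruby code below is an added example, not part of the original post or of the WinRM gem; the function names and the `DIRECT` sample are constructed for illustration.

```ruby
# Added example: classify the headers printed in the WinRM error above.
AUTH_SCHEMES = %w[Negotiate Kerberos NTLM Basic CredSSP].freeze

# Case-insensitive header lookup; multi-valued headers are joined.
def header(headers, name)
  pair = headers.find { |k, _| k.to_s.casecmp?(name) }
  pair && Array(pair[1]).join(', ')
end

# Scheme names offered in an authentication challenge header value.
def schemes(value)
  return [] unless value
  AUTH_SCHEMES.select { |s| value =~ /(?:\A|,\s*)#{s}\b/i }
end

# Reports who answered the request (:proxy, :endpoint, :unknown) and why.
def classify_winrm_response(headers)
  via   = header(headers, 'Via')
  proxy = header(headers, 'Proxy-Authenticate')
  www   = header(headers, 'WWW-Authenticate')
  if proxy
    { answered_by: :proxy, reason: :proxy_auth_required,
      offered: schemes(proxy), intermediary: via }
  elsif www && !schemes(www).empty?
    { answered_by: :endpoint, reason: :auth_challenge,
      offered: schemes(www), intermediary: via }
  elsif via
    { answered_by: :proxy, reason: :intercepted_no_challenge,
      offered: [], intermediary: via }
  else
    { answered_by: :unknown, reason: :no_auth_headers,
      offered: [], intermediary: nil }
  end
end

# Headers copied from the error on this page.
FROM_PAGE = {
  'Via' => '1.1 10.158.11.157 (McAfee Web Gateway 7.6.2.16.0.24166)',
  'Content-Type' => 'text/html',
  'Proxy-Authenticate' => 'Basic realm="McAfee Web Gateway"'
}.freeze

# Constructed sample: challenge from a directly reached WinRM listener.
DIRECT = { 'www-authenticate' => ['Negotiate', 'Basic realm="WSMAN"'] }.freeze

if __FILE__ == $PROGRAM_NAME
  p classify_winrm_response(FROM_PAGE)
  p classify_winrm_response(DIRECT)
end
```

For the headers on this page the result is `answered_by: :proxy` with `reason: :proxy_auth_required`, meaning the reply came from the gateway rather than from port 5985 on the instance.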
