zdtsw · March 23, 2021 12:57
diff --git a/Simple taken away of WinRM on Linux b/Simple taken away of WinRM on Linux
 Spent quite long time to try to figure out how to setup this Linux + Window Jenkins env.
 My user case is, I only want to maintain Linux Jenkins setup, namely Linux on both Jenkins slaves and master.
 The current setup is mixed Linux and Windows Jenkins slaves.

 On the windows slave, we run a very simple powershell which does two things: psexec to another Windows target to run a bat and get the logs back
 So my idea is to move this powershell to Linux slave to run. since powershell is supporting Linux (https://github.com/PowerShell/PowerShell)
 But then I realize psexec is still needed on Windows then powershell is  not the bottleneck for the change I want to do.
 psexec is the key, which enable remote run bat on the Windows target from a Windows.
 So we need to find a tool which allow us to run remote bat from a Linux. As if it is a powershell (as-is no need change) or re-write
 into a shell script (just call the new tool , plus fetch log)

 After some googling, Winexe is the most used tools on Linux to let us remote run bat (just like the ssh does)
 So I got the code from soureforge ,but others doubt it might have virus. :(
 Then I got some useful tips from coworker Simon and Roger:
 #https://pwrshell.net/how-to-use-winrm-powershell-with-jenkins/
 https://github.com/diyan/pywinrm
 basically, it uses WinRM on port: http = 5985  https = 5986 of the Windows targe. and the pywinrm is a python version which is easy to use. ofc, there is
 another ruby one. we can use https://github.com/WinRb/WinRM
 other languages as well 

 on Linux Jenkins salve, install pywinrm lib
 on Windows target host, enable WinRM config, if you use plain HTTP:
 /Client/Auth/Basic = True
 /Service/Auth/Basic = True
 /Service/AllowUnencrypted = True

 or 

 winrm set winrm/config/client/auth '@{Basic="true"}'
 winrm set winrm/config/service/auth '@{Basic="true"}'
 winrm set winrm/config/service '@{AllowUnencrypted="true"}'



 some code snippet in python:
 import winrm
 s = winrm.Session('target_windows_host', auth=('zdtsw@domain', 'secrect_password'))
 r = s.run_cmd('my.bat', ['arg1','arg2'])
 print r.status_code
 print r.std_out

 But,we encounter a new issue. the zdtsw is on the @domain, it has problem to pass auth, so we use kerberos 
 yum install gcc krb5-devel krb5-workstation
 pip install Kerberos pykerberos
 pip install pywinrm[kerberos]

 from winrm.protocol import Protocol

 protocol = "http"
 address = "target_windows_host"
 port = 5985    #by default use 5985 but you can specify other port
 endpoint = "%s://%s:%s/wsman" % (protocol, address, port)

 transport = "plaintext"
 username = "zdtsw"
 password = "secrect_password"

 #transport = "ntlm"
 #username = r'ad.mycompany.com@zdtsw'
 #password = "ad_password"

 c = Protocol(endpoint=endpoint, transport=transport,username=username, password=password,server_cert_validation='ignore')
 shell_id = c.open_shell()

 command_id = c.run_command(shell_id, 'my.bat', ['arg1','arg2'])
 std_out, std_err, status_code = c.get_command_output(shell_id, command_id)
 c.cleanup_command(shell_id, command_id)

 print "STDOUT: %s" % (std_out)
 print "STDERR: %s" % (std_err)

 c.close_shell(shell_id)



diff --git a/Trouble_shooting b/Trouble_shooting
 kerberos: Will use Kerberos authentication for domain accounts which only works when the client is in the same domain as the server and the required dependencies are installed. Currently a Kerberos ticket needs to be initiliased outside of pywinrm using the kinit command.


 to get default realms:
 >cat /etc/krb5.conf

 >kinit zdtsw@<default_realm>

 to check it is working
 >klist

 to use a different port than 5985 on Window server
 winrm set winrm/config/Listener?Address=*+Transport=HTTP '@{Port="8888"}'
	Spent quite long time to try to figure out how to setup this Linux + Window Jenkins env.
	My user case is, I only want to maintain Linux Jenkins setup, namely Linux on both Jenkins slaves and master.
	The current setup is mixed Linux and Windows Jenkins slaves.

	On the windows slave, we run a very simple powershell which does two things: psexec to another Windows target to run a bat and get the logs back
	So my idea is to move this powershell to Linux slave to run. since powershell is supporting Linux (https://github.com/PowerShell/PowerShell)
	But then I realize psexec is still needed on Windows then powershell is not the bottleneck for the change I want to do.
	psexec is the key, which enable remote run bat on the Windows target from a Windows.
	So we need to find a tool which allow us to run remote bat from a Linux. As if it is a powershell (as-is no need change) or re-write
	into a shell script (just call the new tool , plus fetch log)

	After some googling, Winexe is the most used tools on Linux to let us remote run bat (just like the ssh does)
	So I got the code from soureforge ,but others doubt it might have virus. :(
	Then I got some useful tips from coworker Simon and Roger:
	#https://pwrshell.net/how-to-use-winrm-powershell-with-jenkins/
	https://github.com/diyan/pywinrm
	basically, it uses WinRM on port: http = 5985 https = 5986 of the Windows targe. and the pywinrm is a python version which is easy to use. ofc, there is
	another ruby one. we can use https://github.com/WinRb/WinRM
	other languages as well

	on Linux Jenkins salve, install pywinrm lib
	on Windows target host, enable WinRM config, if you use plain HTTP:
	/Client/Auth/Basic = True
	/Service/Auth/Basic = True
	/Service/AllowUnencrypted = True

	or

	winrm set winrm/config/client/auth '@{Basic="true"}'
	winrm set winrm/config/service/auth '@{Basic="true"}'
	winrm set winrm/config/service '@{AllowUnencrypted="true"}'



	some code snippet in python:
	import winrm
	s = winrm.Session('target_windows_host', auth=('zdtsw@domain', 'secrect_password'))
	r = s.run_cmd('my.bat', ['arg1','arg2'])
	print r.status_code
	print r.std_out

	But,we encounter a new issue. the zdtsw is on the @domain, it has problem to pass auth, so we use kerberos
	yum install gcc krb5-devel krb5-workstation
	pip install Kerberos pykerberos
	pip install pywinrm[kerberos]

	from winrm.protocol import Protocol

	protocol = "http"
	address = "target_windows_host"
	port = 5985 #by default use 5985 but you can specify other port
	endpoint = "%s://%s:%s/wsman" % (protocol, address, port)

	transport = "plaintext"
	username = "zdtsw"
	password = "secrect_password"

	#transport = "ntlm"
	#username = r'ad.mycompany.com@zdtsw'
	#password = "ad_password"

	c = Protocol(endpoint=endpoint, transport=transport,username=username, password=password,server_cert_validation='ignore')
	shell_id = c.open_shell()

	command_id = c.run_command(shell_id, 'my.bat', ['arg1','arg2'])
	std_out, std_err, status_code = c.get_command_output(shell_id, command_id)
	c.cleanup_command(shell_id, command_id)

	print "STDOUT: %s" % (std_out)
	print "STDERR: %s" % (std_err)

	c.close_shell(shell_id)
	kerberos: Will use Kerberos authentication for domain accounts which only works when the client is in the same domain as the server and the required dependencies are installed. Currently a Kerberos ticket needs to be initiliased outside of pywinrm using the kinit command.


	to get default realms:
	>cat /etc/krb5.conf

	>kinit zdtsw@<default_realm>

	to check it is working
	>klist

	to use a different port than 5985 on Window server
	winrm set winrm/config/Listener?Address=*+Transport=HTTP '@{Port="8888"}'