From: aledsage@apache.org To: commits@brooklyn.apache.org Date: Thu, 24 Mar 2016 16:30:48 -0000 Message-Id: X-Mailer: ASF-Git Admin Mailer Subject: [1/2] brooklyn-library git commit: Move custom-enable-credssp.ps1 to brooklyn-server Repository: brooklyn-library Updated Branches: refs/heads/master be0d23240 -> 3fa4e751e Move custom-enable-credssp.ps1 to brooklyn-server Project: http://git-wip-us.apache.org/repos/asf/brooklyn-library/repo Commit: http://git-wip-us.apache.org/repos/asf/brooklyn-library/commit/b30d7c2f Tree: http://git-wip-us.apache.org/repos/asf/brooklyn-library/tree/b30d7c2f Diff: http://git-wip-us.apache.org/repos/asf/brooklyn-library/diff/b30d7c2f Branch: refs/heads/master Commit: b30d7c2f589bdb81eca58d1efa57b73eaa7aed96 Parents: be0d232 Author: Valentin Aitken Authored: Tue Mar 22 23:13:06 2016 +0200 Committer: Valentin Aitken Committed: Tue Mar 22 23:13:19 2016 +0200 ---------------------------------------------------------------------- .../database/mssql/Custom-Enable-CredSSP.ps1 | 131 ------------------- .../brooklyn/entity/database/mssql/mssql.yaml | 4 +- 2 files changed, 2 insertions(+), 133 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/brooklyn-library/blob/b30d7c2f/software/database/src/main/resources/org/apache/brooklyn/entity/database/mssql/Custom-Enable-CredSSP.ps1 ---------------------------------------------------------------------- diff --git a/software/database/src/main/resources/org/apache/brooklyn/entity/database/mssql/Custom-Enable-CredSSP.ps1 b/software/database/src/main/resources/org/apache/brooklyn/entity/database/mssql/Custom-Enable-CredSSP.ps1 deleted file mode 100644 index ef2ee5c..0000000 --- a/software/database/src/main/resources/org/apache/brooklyn/entity/database/mssql/Custom-Enable-CredSSP.ps1 +++ /dev/null 
@@ -1,131 +0,0 @@ -#!ps1 -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# -# Resources: -# https://github.com/mwrock/boxstarter/blob/master/LICENSE.txt -# https://github.com/mwrock/boxstarter/blob/master/Boxstarter.Chocolatey/Enable-BoxstarterCredSSP.ps1 - -function Custom-Enable-CredSSP { -<# -.SYNOPSIS -Enables and configures CredSSP Authentication to be used in PowerShell remoting sessions - -.DESCRIPTION -Enabling CredSSP allows a caller from one remote session to authenticate on other remote -resources. This is known as credential delegation. By default, PowerShell sessions do not -use credSSP and therefore cannot bake a "second hop" to use other remote resources that -require their authentication token. - -This command will enable CredSSP and add all RemoteHostsToTrust to the CredSSP trusted -hosts list. It will also edit the users group policy to allow Fresh Credential Delegation. - -.PARAMETER RemoteHostsToTrust -A list of ComputerNames to add to the CredSSP Trusted hosts list. - -.OUTPUTS -A list of the original trusted hosts on the local machine. 
- -.EXAMPLE -Custom-Enable-CredSSP box1,box2 - - -#> - param( - [string[]] $RemoteHostsToTrust - ) - - # Required to be running for using CredSSP - winrm quickconfig -transport:http -quiet - - & winrm set winrm/config/service/auth '@{CredSSP="true"}' - If ($LASTEXITCODE -ne 0) { exit $LASTEXITCODE } - - & winrm set winrm/config/client/auth '@{CredSSP="true"}' - If ($LASTEXITCODE -ne 0) { exit $LASTEXITCODE } - - $Result=@{ - Success=$False; - PreviousCSSPTrustedHosts=$null; - PreviousFreshCredDelegationHostCount=0 - } - - Write-Host "Configuring CredSSP settings..." - $credssp = Get-WSManCredSSP - - $ComputersToAdd = @() - $idxHosts=$credssp[0].IndexOf(": ") - if($idxHosts -gt -1){ - $credsspEnabled=$True - $Result.PreviousCSSPTrustedHosts=$credssp[0].substring($idxHosts+2) - $hostArray=$Result.PreviousCSSPTrustedHosts.Split(",") - $RemoteHostsToTrust | ? { $hostArray -notcontains "wsman/$_" } | % { $ComputersToAdd += $_ } - } - else { - $ComputersToAdd = $RemoteHostsToTrust - } - - if($ComputersToAdd.Count -gt 0){ - try { - Enable-WSManCredSSP -DelegateComputer $ComputersToAdd -Role Client -Force -ErrorAction Stop | Out-Null - } - catch { - Write-BoxstarterMessage "Enable-WSManCredSSP failed with: $_" -Verbose - return $result - } - } - - $key = "HKLM:\SOFTWARE\Policies\Microsoft\Windows" - if (!(Test-Path "$key\CredentialsDelegation")) { - New-Item $key -Name CredentialsDelegation | Out-Null - } - $key = Join-Path $key "CredentialsDelegation" - New-ItemProperty -Path "$key" -Name "ConcatenateDefaults_AllowFresh" -Value 1 -PropertyType Dword -Force | Out-Null - New-ItemProperty -Path "$key" -Name "ConcatenateDefaults_AllowFreshNTLMOnly" -Value 1 -PropertyType Dword -Force | Out-Null - - $result.PreviousFreshNTLMCredDelegationHostCount = Set-CredentialDelegation $key 'AllowFreshCredentialsWhenNTLMOnly' $RemoteHostsToTrust - $result.PreviousFreshCredDelegationHostCount = Set-CredentialDelegation $key 'AllowFreshCredentials' $RemoteHostsToTrust - - 
$Result.Success=$True - return $Result -} - -function Set-CredentialDelegation($key, $subKey, $allowed){ - New-ItemProperty -Path "$key" -Name $subKey -Value 1 -PropertyType Dword -Force | Out-Null - $policyNode = Join-Path $key $subKey - if (!(Test-Path $policyNode)) { - md $policyNode | Out-Null - } - $currentHostProps=@() - (Get-Item $policyNode).Property | % { - $currentHostProps += (Get-ItemProperty -Path $policyNode -Name $_).($_) - } - $currentLength = $currentHostProps.Length - $idx=$currentLength - $allowed | ? { $currentHostProps -notcontains "wsman/$_"} | % { - ++$idx - New-ItemProperty -Path $policyNode -Name "$idx" -Value "wsman/$_" -PropertyType String -Force | Out-Null - } - - return $currentLength -} - -$result = Custom-Enable-CredSSP $env:COMPUTERNAME,localhost -if (-not $result.Success) { - exit 1 -} \ No newline at end of file http://git-wip-us.apache.org/repos/asf/brooklyn-library/blob/b30d7c2f/software/database/src/main/resources/org/apache/brooklyn/entity/database/mssql/mssql.yaml ---------------------------------------------------------------------- diff --git a/software/database/src/main/resources/org/apache/brooklyn/entity/database/mssql/mssql.yaml b/software/database/src/main/resources/org/apache/brooklyn/entity/database/mssql/mssql.yaml index 321b52d..d9f2a32 100644 --- a/software/database/src/main/resources/org/apache/brooklyn/entity/database/mssql/mssql.yaml +++ b/software/database/src/main/resources/org/apache/brooklyn/entity/database/mssql/mssql.yaml 
@@ -15,13 +15,13 @@ services: - type: org.apache.brooklyn.entity.software.base.VanillaWindowsProcess brooklyn.config: templates.install: - classpath://org/apache/brooklyn/entity/database/mssql/Custom-Enable-CredSSP.ps1: "C:\\Custom-Enable-CredSSP.ps1" + classpath://org/apache/brooklyn/software/base/custom-enable-credssp.ps1: "C:\\custom-enable-credssp.ps1" classpath://org/apache/brooklyn/entity/database/mssql/ConfigurationFile.ini: "C:\\ConfigurationFile.ini" classpath://org/apache/brooklyn/entity/database/mssql/installmssql.ps1: "C:\\installmssql.ps1" classpath://org/apache/brooklyn/entity/database/mssql/configuremssql.ps1: "C:\\configuremssql.ps1" classpath://org/apache/brooklyn/entity/database/mssql/launchmssql.bat: "C:\\launchmssql.bat" classpath://org/apache/brooklyn/entity/database/mssql/stopmssql.bat: "C:\\stopmssql.bat" - install.command: powershell -command "C:\\Custom-Enable-CredSSP.ps1" && powershell -command "C:\\installmssql.ps1" + install.command: powershell -command "C:\\custom-enable-credssp.ps1" && powershell -command "C:\\installmssql.ps1" customize.command: powershell -command "C:\\configuremssql.ps1" launch.command: "C:\\launchmssql.bat" stop.command: "C:\\stopmssql.bat"
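
Review bot: In the removed Custom-Enable-CredSSP.ps1, the catch block around Enable-WSManCredSSP calls Write-BoxstarterMessage, which this file never defines (it only declares Custom-Enable-CredSSP and Set-CredentialDelegation), so on failure the intended "Enable-WSManCredSSP failed with: $_" message is not printed and the operator sees a command-not-found error instead. If the copy landing in brooklyn-server is this same text, replace that call with Write-Host or Write-Error before reusing it more widely. The header comment should also state what the script changes machine-wide, since it runs winrm quickconfig -transport:http, turns on CredSSP for both winrm/config/service/auth and winrm/config/client/auth, and writes AllowFreshCredentials and AllowFreshCredentialsWhenNTLMOnly under HKLM with no step that reverts them.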
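
Review bot: In mssql.yaml, the new templates.install entry points at classpath://org/apache/brooklyn/software/base/custom-enable-credssp.ps1, a resource this commit no longer ships in brooklyn-library, so the blueprint now depends on a brooklyn-server build that contains the moved script. Because install.command chains the two powershell calls with &&, a missing or failing custom-enable-credssp.ps1 stops the MSSQL install before installmssql.ps1 runs; add a comment next to the entry, or a line in the commit message, naming the brooklyn-server change that provides the file so the two commits are deployed together.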