converge fails Windows Server 2012R2 "This implementation is not part of Windows Platform FIPS validated cryptographic algorithms" #49

Closed
nealbowman opened this issue Sep 8, 2016 · 11 comments

Comments

@nealbowman

Description

Using kitchen create with VMware-vra to call a catalog item. Create process runs and completes as expected. Resulting Windows server is joined to Active Directory, and subject to defined group policies. Connecting via WinRM is successful.

Kitchen Version

Test Kitchen version 1.8.0

ruby 2.1.8p440 (2015-12-16 revision 53160) [i386-mingw32]

ChefDK Version

Chef Development Kit Version: 0.14.25
chef-client version: 12.10.24
berks version: 4.3.3
kitchen version: 1.8.0

Platform Version

Windows 7 SP1 Professional

Replication Case

Upon completion of kitchen create, kitchen converge is run. We are developing recipes and cookbooks, so the default.rb is simply adding a local group. Running kitchen converge produces the output below.

Kitchen Output

-----> Starting Kitchen (v1.8.0)
-----> Converging ...
Preparing files for transfer
Preparing dna.json
Resolving cookbook dependencies with Berkshelf 4.3.3...
Removing non-cookbook files before transfer
Preparing validation.pem
Preparing client.rb

------Exception-------
Class: Kitchen::ActionFailed
Message: Failed to complete #converge action: [[WinRM::FS::Core::FileTransporter] Upload failed (exitcode: 1)
New-Object : Exception calling ".ctor" with "0" argument(s): "This
implementation is not part of the Windows Platform FIPS validated
cryptographic algorithms."
At line:32 char:13
+ use ($c = New-Object -TypeName Security.Cryptography.MD5CryptoServiceProvider) ... +
+ CategoryInfo : InvalidOperation: (:) [New-Object], MethodInvoca
tionException
+ FullyQualifiedErrorId : ConstructorInvokedThrowException,Microsoft.Power
Shell.Commands.NewObjectCommand

]

Please see .kitchen/logs/kitchen.log for more details
Also try running kitchen diagnose --all for configuration

Copy-paste your results here

Kitchen Diagnose


timestamp: 2016-09-07 19:36:42 UTC
kitchen_version: 1.8.0
plugins:
driver:
vRA:
class: Kitchen::Driver::Vra
version: 1.3.0
api_version: 2
provisioner:
ChefZero:
class: Kitchen::Provisioner::ChefZero
version: 1.8.0
api_version: 2
transport:
Winrm:
class: Kitchen::Transport::Winrm
version: 1.8.0
api_version: 1
verifier:
Busser:
class: Kitchen::Verifier::Busser
version: 1.8.0
api_version: 1
loader:
process_erb: true
process_local: true
process_global: true
global_config:
filename: C:/Users/local/.kitchen/config.yml
raw_data:
driver:
base_url: https://dev-host.internalnet.com/
lease_days: 5
name: vra
notes: Chef Test Kitchen
username: local@internalnet.com
password: #########
private_key_path: C:/local/.ssh/id_rsa_vra
request_timeout: 3600
server_ready_retries: 10
ssh_username: root
subtenant_id: d129d124-9eb3-42fa-b907-d53e029b1971
tenant: cmpy
use_dns: false
verify_ssl: false
provisioner:
name: chef_zero
chef_omnibus_url: https://artifactory.internalnet.com/artifactory/chef-client/install.sh
client_rb:
audit_mode: ":enabled"
platforms:
- name: windows2012r2
driver:
catalog_id: 8a8c8166-9404-4793-90f4-fc5277bb448b
memory: 4096
cpus: 2
use_dns: true
extra_parameters:
provider-cmpy.Request.WindowsApplication:
type: string
value: standard
provider-VirtualMachine.Disk1.Size:
type: integer
value: 30
provisioner:
chef_metadata_url: https://artifactory.internalnet.com/artifactory/chef-client/metadata_~windows~2012r2~x86_64.txt
transport:
name: winrm
username: DOMAIN\local
password: #########
- name: windows2012r2-sql
driver:
catalog_id: 8a8c8166-9404-4793-90f4-fc5277bb448b
memory: 2048
use_dns: true
extra_parameters:
provider-cmpy.Request.WindowsApplication:
type: string
value: sql
provider-VirtualMachine.Disk0.Letter:
type: string
value: C
provider-VirtualMachine.Disk1.Size:
type: string
value: 1
provider-VirtualMachine.Disk1.Location:
type: string
value: '0:1'
provider-VirtualMachine.Disk1.Letter:
type: string
value: G
provider-VirtualMachine.Disk2.Size:
type: string
value: 10
provider-VirtualMachine.Disk2.Location:
type: string
value: '0:2'
provider-VirtualMachine.Disk2.Letter:
type: string
value: G:\SystemDB
provider-VirtualMachine.Disk3.Size:
type: string
value: 100
provider-VirtualMachine.Disk3.Location:
type: string
value: '0:3'
provider-VirtualMachine.Disk3.Format:
type: string
value: thick
provider-VirtualMachine.Disk3.Letter:
type: string
value: G:\Backup1
provider-VirtualMachine.Disk4.Size:
type: string
value: 50
provider-VirtualMachine.Disk4.Location:
type: string
value: '1:0'
provider-VirtualMachine.Disk4.Format:
type: string
value: thick
provider-VirtualMachine.Disk4.Letter:
type: string
value: G:\Logs1
provider-VirtualMachine.Disk5.Size:
type: string
value: 100
provider-VirtualMachine.Disk5.Location:
type: string
value: '1:1'
provider-VirtualMachine.Disk5.Format:
type: string
value: thick
provider-VirtualMachine.Disk5.Letter:
type: string
value: G:\Data1
provider-VirtualMachine.Disk6.Size:
type: string
value: 20
provider-VirtualMachine.Disk6.Location:
type: string
value: '1:2'
provider-VirtualMachine.Disk6.Format:
type: string
value: thick
provider-VirtualMachine.Disk6.Letter:
type: string
value: G:\TempDB
provisioner:
chef_metadata_url: https://artifactory.internalnet.com/artifactory/chef-client/metadata_~windows~2012r2~x86_64.txt
transport:
name: winrm
username: DOMAIN\local
password: #########
project_config:
filename: C:/chef_repo/cookbooks/cmpy_servertest/.kitchen.yml
raw_data:
suites:
- name: windows2012r2
provisioner:
install_msi_url: https://artifactory.internalnet.com/artifactory/chef-client/windows/2008r2/i386/chef-client-12.7.2-1-x86.msi
run_list:
- recipe[cmpy_servertest::default]
includes:
- windows2012r2-sql
driver:
cpus: 2
memory: 4096
attributes:
local_config:
combined_config:
filename:
raw_data:
driver:
base_url: https://dev-host.internalnet.com/
lease_days: 5
name: vra
notes: Chef Test Kitchen
username: local@internalnet.com
password: #########
private_key_path: C:/local/.ssh/id_rsa_vra
request_timeout: 3600
server_ready_retries: 10
ssh_username: root
subtenant_id: d129d124-9eb3-42fa-b907-d53e029b1971
tenant: cmpy
use_dns: false
verify_ssl: false
provisioner:
name: chef_zero
chef_omnibus_url: https://artifactory.internalnet.com/artifactory/chef-client/install.sh
client_rb:
audit_mode: ":enabled"
platforms:
- name: windows2012r2
driver:
catalog_id: 8a8c8166-9404-4793-90f4-fc5277bb448b
memory: 4096
cpus: 2
use_dns: true
extra_parameters:
provider-cmpy.Request.WindowsApplication:
type: string
value: standard
provider-VirtualMachine.Disk1.Size:
type: integer
value: 30
provisioner:
chef_metadata_url: https://artifactory.internalnet.com/artifactory/chef-client/metadata_~windows~2012r2~x86_64.txt
transport:
name: winrm
username: DOMAIN\local
password: #########
- name: windows2012r2-sql
driver:
catalog_id: 8a8c8166-9404-4793-90f4-fc5277bb448b
memory: 2048
use_dns: true
extra_parameters:
provider-cmpy.Request.WindowsApplication:
type: string
value: sql
provider-VirtualMachine.Disk0.Letter:
type: string
value: C
provider-VirtualMachine.Disk1.Size:
type: string
value: 1
provider-VirtualMachine.Disk1.Location:
type: string
value: '0:1'
provider-VirtualMachine.Disk1.Letter:
type: string
value: G
provider-VirtualMachine.Disk2.Size:
type: string
value: 10
provider-VirtualMachine.Disk2.Location:
type: string
value: '0:2'
provider-VirtualMachine.Disk2.Letter:
type: string
value: G:\SystemDB
provider-VirtualMachine.Disk3.Size:
type: string
value: 100
provider-VirtualMachine.Disk3.Location:
type: string
value: '0:3'
provider-VirtualMachine.Disk3.Format:
type: string
value: thick
provider-VirtualMachine.Disk3.Letter:
type: string
value: G:\Backup1
provider-VirtualMachine.Disk4.Size:
type: string
value: 50
provider-VirtualMachine.Disk4.Location:
type: string
value: '1:0'
provider-VirtualMachine.Disk4.Format:
type: string
value: thick
provider-VirtualMachine.Disk4.Letter:
type: string
value: G:\Logs1
provider-VirtualMachine.Disk5.Size:
type: string
value: 100
provider-VirtualMachine.Disk5.Location:
type: string
value: '1:1'
provider-VirtualMachine.Disk5.Format:
type: string
value: thick
provider-VirtualMachine.Disk5.Letter:
type: string
value: G:\Data1
provider-VirtualMachine.Disk6.Size:
type: string
value: 20
provider-VirtualMachine.Disk6.Location:
type: string
value: '1:2'
provider-VirtualMachine.Disk6.Format:
type: string
value: thick
provider-VirtualMachine.Disk6.Letter:
type: string
value: G:\TempDB
provisioner:
chef_metadata_url: https://artifactory.internalnet.com/artifactory/chef-client/metadata_~windows~2012r2~x86_64.txt
transport:
name: winrm
username: DOMAIN\local
password: #########
suites:
- name: windows2012r2
provisioner:
install_msi_url: https://artifactory.internalnet.com/artifactory/chef-client/windows/2008r2/i386/chef-client-12.7.2-1-x86.msi
run_list:
- recipe[cmpy_servertest::default]
includes:
- windows2012r2-sql
driver:
cpus: 2
memory: 4096
attributes:
instances:
windows2012r2-windows2012r2-sql:
platform:
os_type: windows
shell_type: powershell
state_file:
hostname: chf-unittst67
last_action: create
resource_id: 550da198-96e8-4748-aa9b-0fc99b760928
ssh_key: C:/local/.ssh/id_rsa_vra
driver:
base_url: https://dev-host.internalnet.com/
catalog_id: 8a8c8166-9404-4793-90f4-fc5277bb448b
cpus: 2
extra_parameters:
provider-cmpy.Request.WindowsApplication:
type: string
value: sql
provider-VirtualMachine.Disk0.Letter:
type: string
value: C
provider-VirtualMachine.Disk1.Size:
type: string
value: 1
provider-VirtualMachine.Disk1.Location:
type: string
value: '0:1'
provider-VirtualMachine.Disk1.Letter:
type: string
value: G
provider-VirtualMachine.Disk2.Size:
type: string
value: 10
provider-VirtualMachine.Disk2.Location:
type: string
value: '0:2'
provider-VirtualMachine.Disk2.Letter:
type: string
value: G:\SystemDB
provider-VirtualMachine.Disk3.Size:
type: string
value: 100
provider-VirtualMachine.Disk3.Location:
type: string
value: '0:3'
provider-VirtualMachine.Disk3.Format:
type: string
value: thick
provider-VirtualMachine.Disk3.Letter:
type: string
value: G:\Backup1
provider-VirtualMachine.Disk4.Size:
type: string
value: 50
provider-VirtualMachine.Disk4.Location:
type: string
value: '1:0'
provider-VirtualMachine.Disk4.Format:
type: string
value: thick
provider-VirtualMachine.Disk4.Letter:
type: string
value: G:\Logs1
provider-VirtualMachine.Disk5.Size:
type: string
value: 100
provider-VirtualMachine.Disk5.Location:
type: string
value: '1:1'
provider-VirtualMachine.Disk5.Format:
type: string
value: thick
provider-VirtualMachine.Disk5.Letter:
type: string
value: G:\Data1
provider-VirtualMachine.Disk6.Size:
type: string
value: 20
provider-VirtualMachine.Disk6.Location:
type: string
value: '1:2'
provider-VirtualMachine.Disk6.Format:
type: string
value: thick
provider-VirtualMachine.Disk6.Letter:
type: string
value: G:\TempDB
kitchen_root: C:/chef_repo/cookbooks/cmpy_servertest
lease_days: 5
log_level: :info
memory: 4096
name: vra
notes: Chef Test Kitchen
password: #########
private_key_path: C:/local/.ssh/id_rsa_vra
request_refresh_rate: 2
request_timeout: 3600
requested_for: local@internalnet.com
server_ready_retries: 10
ssh_username: root
subtenant:
subtenant_id: d129d124-9eb3-42fa-b907-d53e029b1971
tenant: cmpy
test_base_path: C:/chef_repo/cookbooks/cmpy_servertest/test/integration
use_dns: true
username: local@internalnet.com
verify_ssl: false
provisioner:
attributes: {}
chef_client_path: "\bin\chef-client.bat"
chef_metadata_url: https://artifactory.internalnet.com/artifactory/chef-client/metadata_~windows~2012r2~x86_64.txt
chef_omnibus_install_options:
chef_omnibus_url: https://artifactory.internalnet.com/artifactory/chef-client/install.sh
chef_zero_host:
chef_zero_port: 8889
client_rb:
audit_mode: ":enabled"
clients_path:
command_prefix:
config_path:
cookbook_files_glob: README.,metadata.{json,rb},attributes/__/,definitions//*,files//,libraries/__/,providers//*,recipes//,resources/__/,templates/*/
data_bags_path:
data_path:
encrypted_data_bag_secret_key_path:
environments_path:
ftp_proxy:
http_proxy:
https_proxy:
install_msi_url: https://artifactory.internalnet.com/artifactory/chef-client/windows/2008r2/i386/chef-client-12.7.2-1-x86.msi
json_attributes: true
kitchen_root: C:/chef_repo/cookbooks/cmpy_servertest
log_file:
log_level: auto
name: chef_zero
named_run_list: {}
nodes_path:
policyfile_path:
profile_ruby: false
require_chef_omnibus: true
roles_path:
root_path: "$env:TEMP\kitchen"
ruby_bindir: "\embedded\bin"
run_list:
- recipe[cmpy_servertest::default]
sudo:
sudo_command:
test_base_path: C:/chef_repo/cookbooks/cmpy_servertest/test/integration
transport:
connection_retries: 5
connection_retry_sleep: 1
elevated: false
endpoint_template: http://%{hostname}:%{port}/wsman
kitchen_root: C:/chef_repo/cookbooks/cmpy_servertest
log_level: :info
max_wait_until_ready: 600
name: winrm
password: #########
port: 5985
rdp_port: 3389
test_base_path: C:/chef_repo/cookbooks/cmpy_servertest/test/integration
username: DOMAIN\local
winrm_transport: :negotiate
verifier:
busser_bin: "$env:TEMP\verifier\bin\busser.bat"
chef_omnibus_root: "/opt/chef"
command_prefix:
ftp_proxy:
http_proxy:
https_proxy:
kitchen_root: C:/chef_repo/cookbooks/cmpy_servertest
log_level: :info
name: busser
root_path: "$env:TEMP\verifier"
ruby_bindir: "$env:systemdrive\opscode\chef\embedded\bin"
sudo:
sudo_command:
suite_name: windows2012r2
test_base_path: C:/chef_repo/cookbooks/cmpy_servertest/test/integration
version: busser

NOTE:

This repository is for core issues with the Test-Kitchen framework, so if the issue is with a plugin you may be referred to file the issue with the appropriate plugin.

@mwrock
Member

mwrock commented Sep 8, 2016

Thanks for filing this! Yes we should switch to a FIPS compliant SHA256.
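
The change proposed above, sketched as an added PowerShell example (not winrm-fs or Test Kitchen code): it reads the Windows FIPS policy flag, probes which .NET hash providers can be constructed on the host, and computes a file checksum with the CAPI-backed SHA-256 provider. The function names are hypothetical and the sample file is constructed.

```powershell
# Added example; function names are hypothetical, not part of winrm-fs.

function Test-FipsPolicyEnabled {
    # Registry value behind the "System cryptography: Use FIPS compliant
    # algorithms" security policy, usually delivered by group policy.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy'
    $item = Get-ItemProperty -Path $key -Name Enabled -ErrorAction SilentlyContinue
    return ($null -ne $item -and $item.Enabled -eq 1)
}

function Test-HashProviderAllowed {
    param([Parameter(Mandatory = $true)][string]$TypeName)
    try {
        # With the policy on, constructing a non-validated implementation
        # throws the same error the converge output reports.
        $provider = New-Object -TypeName $TypeName -ErrorAction Stop
        $provider.Dispose()
        return $true
    }
    catch {
        return $false
    }
}

function Get-FipsSafeFileHash {
    param([Parameter(Mandatory = $true)][string]$Path)
    # SHA256CryptoServiceProvider calls into the Windows crypto provider
    # instead of a managed or MD5 implementation.
    $sha = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider
    $stream = $null
    try {
        $full = (Resolve-Path -LiteralPath $Path).ProviderPath
        $stream = [System.IO.File]::OpenRead($full)
        $bytes = $sha.ComputeHash($stream)
        return ([System.BitConverter]::ToString($bytes) -replace '-', '').ToLowerInvariant()
    }
    finally {
        if ($stream) { $stream.Dispose() }
        $sha.Dispose()
    }
}

# Constructed sample input so the probe runs on any Windows host.
$sample = Join-Path $env:TEMP 'fips-hash-sample.txt'
[System.IO.File]::WriteAllText($sample, 'constructed sample content')

"FIPS policy enabled: $(Test-FipsPolicyEnabled)"
# SHA256Managed is included because its result depends on the .NET Framework version.
foreach ($name in 'MD5CryptoServiceProvider', 'SHA1CryptoServiceProvider',
                  'SHA256Managed', 'SHA256CryptoServiceProvider') {
    '{0,-28} constructible: {1}' -f $name, (Test-HashProviderAllowed "System.Security.Cryptography.$name")
}
"SHA-256 of sample: $(Get-FipsSafeFileHash -Path $sample)"
Remove-Item -LiteralPath $sample
```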

@sneal
Member

sneal commented Sep 8, 2016

Kind of old blog post, but still at least partially relevant.

@jfhutchi

I am also getting this same error regarding FIPS compliance. Has this issue been addressed?

@mwrock
Member

mwrock commented Feb 28, 2017

No, it's still using MD5.

@sarahbakal
Contributor

+1 this issue

@f3rrix

f3rrix commented Sep 4, 2017

Hack follows. I'm not a ruby dev, and I'm not using a modern version (my vagrant embeds winrm-fs-0.2.3) but at least on that old version:

Replace every instance of:
"md5" with "sha1"
"MD5" with "SHA1"
"Md5" with "Sha1" etc...
and copy these changes over the existing gem, and BAM now it uses SHA1.

I notice that more modern versions of winrm-fs use hash looking things in way more lines. I can't really test my strategy for them, because I don't have a ruby environment set up (just what's running embedded from vagrant)

0001-initial-hackery.patch.txt

@mwrock
Member

mwrock commented Sep 4, 2017

You might try using a more recent version of vagrant. winrm-fs has changed quite a bit since 0.2.3 and the latest vagrant should have the latest winrm-fs. However, it's really the winrm gem you want to focus on since it generates the hashes, but the same applies in regard to vagrant. The latest version of vagrant will have the latest winrm gem.

@sarahbakal
Contributor

Still an issue with windows and FIPS being enabled.
kitchen_version: 1.16.0
vagrant 2.0.0
winrm-fs (1.0.1)
kitchen_version: 1.16.0
plugins:
driver:
Vagrant:
class: Kitchen::Driver::Vagrant
version: 1.1.0
api_version: 2
provisioner:
ChefZero:
class: Kitchen::Provisioner::ChefZero
version: 1.16.0
api_version: 2
transport:
Ssh:
class: Kitchen::Transport::Ssh
version: 1.16.0
api_version: 1
Winrm:
class: Kitchen::Transport::Winrm
version: 1.16.0
api_version: 1
verifier:
Busser:
class: Kitchen::Verifier::Busser
version: 1.16.0
api_version: 1

`>>>>>> ------Exception-------

Class: Kitchen::ActionFailed
Message: 1 actions failed.
Failed to complete #converge action: [[WinRM::FS::Core::FileTransporter] Upload failed (exitcode: 0), but stderr present
Exception calling "Create" with "0" argument(s): "This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms."
At line:56 char:5
+     $c = [System.Security.Cryptography.MD5]::Create()
+     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : InvalidOperationException
Exception calling "Create" with "0" argument(s): "This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms."
At line:56 char:5
+     $c = [System.Security.Cryptography.MD5]::Create()
+     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : InvalidOperationException
Exception calling "Create" with "0" argument(s): "This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms."
At line:56 char:5
+     $c = [System.Security.Cryptography.MD5]::Create()
+     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : InvalidOperationException
Exception calling "Create" with "0" argument(s): "This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms."
At line:56 char:5
+     $c = [System.Security.Cryptography.MD5]::Create()
+     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : InvalidOperationException
Exception calling "Create" with "0" argument(s): "This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms."
At line:56 char:5
+     $c = [System.Security.Cryptography.MD5]::Create()
+     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : InvalidOperationException
] on default-windows-2008r2

Please see .kitchen/logs/kitchen.log for more details
Also try running kitchen diagnose --all for configuration`

@sarahbakal
Contributor

#57

@sarahbakal
Contributor

should be resolved with PR #57, version 1.1.0

@mwrock
Member

mwrock commented Oct 12, 2017

fixed by #57

@mwrock mwrock closed this as completed Oct 12, 2017