$SubjectName variable unused; clean up

Having used this script several times today, I came to notice the $SubjectName variable, being passed in via the CLI, is essentially ignored when generating the SSL certificates, rendering it useless. I believe it's a good idea to have it in place, so I've updated the script to reflect this. I also cleaned up some random new lines throughout the file, and expanded on a comment. It might be worth going a step further and commenting the file fully, as most people reviewing this file won't be familiar with PowerShell (like I wasn't unitl a few days ago). It could be helpful.
11 years ago · e9fe5f201f
parent badc922c73
commit e9fe5f201f
1 changed files with 14 additions and 16 deletions
--- a/examples/scripts/ConfigureRemotingForAnsible.ps1
+++ b/examples/scripts/ConfigureRemotingForAnsible.ps1
@ -1,4 +1,4 @@
-# Configure a Windows host for remote management with Ansible
+# Configure a Windows host for remote management with Ansible
 # -----------------------------------------------------------
 #
 # This script checks the current WinRM/PSRemoting configuration and makes the
@ -10,9 +10,11 @@
 #
 # Written by Trond Hindenes <trond@hindenes.com>
 # Updated by Chris Church <cchurch@ansible.com>
+# Updated by Michael Crilly <mike@autologic.cm>
 #
 # Version 1.0 - July 6th, 2014
 # Version 1.1 - November 11th, 2014
+# Version 1.2 - May 15th, 2015

 Param (
    [string]$SubjectName = $env:COMPUTERNAME,
@ -20,7 +22,6 @@ Param (
    $CreateSelfSignedCert = $true
 )

-
 Function New-LegacySelfSignedCert
 {
    Param (
@ -60,11 +61,12 @@ Function New-LegacySelfSignedCert
    $certdata = $enrollment.CreateRequest(0)
    $enrollment.InstallResponse(2, $certdata, 0, "")

-    # Return the thumbprint of the last installed cert.
+    # Return the thumbprint of the last installed certificate;
+    # This is needed for the new HTTPS WinRM listerner we're
+    # going to create further down.
    Get-ChildItem "Cert:\LocalMachine\my"| Sort-Object NotBefore -Descending | Select -First 1 | Select -Expand Thumbprint
 }

-
 # Setup error handling.
 Trap
 {
@ -73,14 +75,12 @@ Trap
 }
 $ErrorActionPreference = "Stop"

-
 # Detect PowerShell version.
 If ($PSVersionTable.PSVersion.Major -lt 3)
 {
    Throw "PowerShell version 3 or higher is required."
 }

-
 # Find and start the WinRM service.
 Write-Verbose "Verifying WinRM service."
 If (!(Get-Service "WinRM"))
@ -93,7 +93,6 @@ ElseIf ((Get-Service "WinRM").Status -ne "Running")
    Start-Service -Name "WinRM" -ErrorAction Stop
 }

-
 # WinRM should be running; check that we have a PS session config.
 If (!(Get-PSSessionConfiguration -Verbose:$false) -or (!(Get-ChildItem WSMan:\localhost\Listener)))
 {
@ -112,17 +111,19 @@ If (!($listeners | Where {$_.Keys -like "TRANSPORT=HTTPS"}))
    # HTTPS-based endpoint does not exist.
    If (Get-Command "New-SelfSignedCertificate" -ErrorAction SilentlyContinue)
    {
-        $cert = New-SelfSignedCertificate -DnsName $env:COMPUTERNAME -CertStoreLocation "Cert:\LocalMachine\My"
+        $cert = New-SelfSignedCertificate -DnsName $SubjectName -CertStoreLocation "Cert:\LocalMachine\My"
        $thumbprint = $cert.Thumbprint
+        Write-Host "Self-signed SSL certificate generated; thumbprint: $thumbprint"
    }
    Else
    {
-        $thumbprint = New-LegacySelfSignedCert -SubjectName $env:COMPUTERNAME
+        $thumbprint = New-LegacySelfSignedCert -SubjectName $SubjectName
+        Write-Host "(Legacy) Self-signed SSL certificate generated; thumbprint: $thumbprint"
    }

    # Create the hashtables of settings to be used.
    $valueset = @{}
-    $valueset.Add('Hostname', $env:COMPUTERNAME)
+    $valueset.Add('Hostname', $SubjectName)
    $valueset.Add('CertificateThumbprint', $thumbprint)

    $selectorset = @{}
@ -137,7 +138,6 @@ Else
    Write-Verbose "SSL listener is already active."
 }

-
 # Check for basic authentication.
 $basicAuthSetting = Get-ChildItem WSMan:\localhost\Service\Auth | Where {$_.Name -eq "Basic"}
 If (($basicAuthSetting.Value) -eq $false)
@ -150,7 +150,6 @@ Else
    Write-Verbose "Basic auth is already enabled."
 }

-
 # Configure firewall to allow WinRM HTTPS connections.
 $fwtest1 = netsh advfirewall firewall show rule name="Allow WinRM HTTPS"
 $fwtest2 = netsh advfirewall firewall show rule name="Allow WinRM HTTPS" profile=any
@ -177,19 +176,18 @@ $httpsResult = New-PSSession -UseSSL -ComputerName "localhost" -SessionOption $h

 If ($httpResult -and $httpsResult)
 {
-    Write-Verbose "HTTP and HTTPS sessions are enabled."
+    Write-Verbose "HTTP: Enabled | HTTPS: Enabled"
 }
 ElseIf ($httpsResult -and !$httpResult)
 {
-    Write-Verbose "HTTP sessions are disabled, HTTPS session are enabled."
+    Write-Verbose "HTTP: Disabled | HTTPS: Enabled"
 }
 ElseIf ($httpResult -and !$httpsResult)
 {
-    Write-Verbose "HTTPS sessions are disabled, HTTP session are enabled."
+    Write-Verbose "HTTP: Enabled | HTTPS: Disabled"
 }
 Else
 {
    Throw "Unable to establish an HTTP or HTTPS remoting session."
 }
-
 Write-Verbose "PS Remoting has been successfully configured for Ansible."