fix(templates): skip TrustedHosts config on Linux host
WSMan TrustedHosts is a Windows WinRM client concept — does not exist on Linux. Guard the configure+restore blocks with $isLinuxHost so the Prepare scripts run without elevation errors from a Linux host. -SkipCACheck/-SkipCNCheck in sessionOptions is sufficient on Linux. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
@@ -289,9 +289,12 @@ else {
|
|||||||
$sessionOptions = New-PSSessionOption -SkipCACheck -SkipCNCheck
|
$sessionOptions = New-PSSessionOption -SkipCACheck -SkipCNCheck
|
||||||
|
|
||||||
# ── Configure HOST-side WinRM client (TrustedHosts for HTTPS Basic auth) ──────
|
# ── Configure HOST-side WinRM client (TrustedHosts for HTTPS Basic auth) ──────
|
||||||
# HTTPS/5986 does not require AllowUnencrypted on the host side. Only TrustedHosts
|
# Windows only: TrustedHosts must include the VM IP so PS accepts the non-domain
|
||||||
# needs appending so PS accepts the non-domain VM. Restored in the finally block.
|
# VM over HTTPS. On Linux, New-PSSession uses OMI and -SkipCACheck/-SkipCNCheck
|
||||||
|
# in sessionOptions are sufficient — TrustedHosts does not apply.
|
||||||
$prevTrustedHosts = $null
|
$prevTrustedHosts = $null
|
||||||
|
$isLinuxHost = ($null -ne $IsWindows -and $IsWindows -eq $false)
|
||||||
|
if (-not $isLinuxHost) {
|
||||||
try {
|
try {
|
||||||
$prevTrustedHosts = (Get-Item WSMan:\localhost\Client\TrustedHosts -ErrorAction Stop).Value
|
$prevTrustedHosts = (Get-Item WSMan:\localhost\Client\TrustedHosts -ErrorAction Stop).Value
|
||||||
# Add VM IP to TrustedHosts if not already present
|
# Add VM IP to TrustedHosts if not already present
|
||||||
@@ -312,6 +315,10 @@ catch {
|
|||||||
Write-Warning "Then re-run this script."
|
Write-Warning "Then re-run this script."
|
||||||
exit 1
|
exit 1
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
Write-Host "[Prepare] Linux host — TrustedHosts not applicable, skipping."
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
# ── Open session (Test-WSMan skipped — PS 5.1 Test-WSMan has no -SessionOption for HTTPS) ──
|
# ── Open session (Test-WSMan skipped — PS 5.1 Test-WSMan has no -SessionOption for HTTPS) ──
|
||||||
@@ -755,11 +762,11 @@ try {
|
|||||||
finally {
|
finally {
|
||||||
Remove-PSSession $session -ErrorAction SilentlyContinue
|
Remove-PSSession $session -ErrorAction SilentlyContinue
|
||||||
|
|
||||||
# Restore host TrustedHosts to its original value
|
# Restore host TrustedHosts to its original value (Windows only)
|
||||||
if ($null -ne $prevTrustedHosts) {
|
if (-not $isLinuxHost -and $null -ne $prevTrustedHosts) {
|
||||||
Set-Item WSMan:\localhost\Client\TrustedHosts -Value $prevTrustedHosts -Force -ErrorAction SilentlyContinue
|
Set-Item WSMan:\localhost\Client\TrustedHosts -Value $prevTrustedHosts -Force -ErrorAction SilentlyContinue
|
||||||
}
|
|
||||||
Write-Host "[Prepare] Host TrustedHosts restored."
|
Write-Host "[Prepare] Host TrustedHosts restored."
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -289,9 +289,12 @@ else {
|
|||||||
$sessionOptions = New-PSSessionOption -SkipCACheck -SkipCNCheck
|
$sessionOptions = New-PSSessionOption -SkipCACheck -SkipCNCheck
|
||||||
|
|
||||||
# ── Configure HOST-side WinRM client (TrustedHosts for HTTPS Basic auth) ──────
|
# ── Configure HOST-side WinRM client (TrustedHosts for HTTPS Basic auth) ──────
|
||||||
# HTTPS/5986 does not require AllowUnencrypted on the host side. Only TrustedHosts
|
# Windows only: TrustedHosts must include the VM IP so PS accepts the non-domain
|
||||||
# needs appending so PS accepts the non-domain VM. Restored in the finally block.
|
# VM over HTTPS. On Linux, New-PSSession uses OMI and -SkipCACheck/-SkipCNCheck
|
||||||
|
# in sessionOptions are sufficient — TrustedHosts does not apply.
|
||||||
$prevTrustedHosts = $null
|
$prevTrustedHosts = $null
|
||||||
|
$isLinuxHost = ($null -ne $IsWindows -and $IsWindows -eq $false)
|
||||||
|
if (-not $isLinuxHost) {
|
||||||
try {
|
try {
|
||||||
$prevTrustedHosts = (Get-Item WSMan:\localhost\Client\TrustedHosts -ErrorAction Stop).Value
|
$prevTrustedHosts = (Get-Item WSMan:\localhost\Client\TrustedHosts -ErrorAction Stop).Value
|
||||||
# Add VM IP to TrustedHosts if not already present
|
# Add VM IP to TrustedHosts if not already present
|
||||||
@@ -312,6 +315,10 @@ catch {
|
|||||||
Write-Warning "Then re-run this script."
|
Write-Warning "Then re-run this script."
|
||||||
exit 1
|
exit 1
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
Write-Host "[Prepare] Linux host — TrustedHosts not applicable, skipping."
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
# ── Open session (Test-WSMan skipped — PS 5.1 Test-WSMan has no -SessionOption for HTTPS) ──
|
# ── Open session (Test-WSMan skipped — PS 5.1 Test-WSMan has no -SessionOption for HTTPS) ──
|
||||||
@@ -759,11 +766,11 @@ try {
|
|||||||
finally {
|
finally {
|
||||||
Remove-PSSession $session -ErrorAction SilentlyContinue
|
Remove-PSSession $session -ErrorAction SilentlyContinue
|
||||||
|
|
||||||
# Restore host TrustedHosts to its original value
|
# Restore host TrustedHosts to its original value (Windows only)
|
||||||
if ($null -ne $prevTrustedHosts) {
|
if (-not $isLinuxHost -and $null -ne $prevTrustedHosts) {
|
||||||
Set-Item WSMan:\localhost\Client\TrustedHosts -Value $prevTrustedHosts -Force -ErrorAction SilentlyContinue
|
Set-Item WSMan:\localhost\Client\TrustedHosts -Value $prevTrustedHosts -Force -ErrorAction SilentlyContinue
|
||||||
}
|
|
||||||
Write-Host "[Prepare] Host TrustedHosts restored."
|
Write-Host "[Prepare] Host TrustedHosts restored."
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user