fix(templates): skip TrustedHosts config on Linux host

WSMan TrustedHosts is a Windows WinRM client concept — does not exist
on Linux. Guard the configure+restore blocks with $isLinuxHost so the
Prepare scripts run without elevation errors from a Linux host.
-SkipCACheck/-SkipCNCheck in sessionOptions is sufficient on Linux.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
2026-05-24 00:50:25 +02:00
parent 04b716149c
commit de6858e3df
2 changed files with 56 additions and 42 deletions
+12 -5
View File
@@ -289,9 +289,12 @@ else {
$sessionOptions = New-PSSessionOption -SkipCACheck -SkipCNCheck
# ── Configure HOST-side WinRM client (TrustedHosts for HTTPS Basic auth) ──────
# HTTPS/5986 does not require AllowUnencrypted on the host side. Only TrustedHosts
# needs appending so PS accepts the non-domain VM. Restored in the finally block.
# Windows only: TrustedHosts must include the VM IP so PS accepts the non-domain
# VM over HTTPS. On Linux, New-PSSession uses OMI and -SkipCACheck/-SkipCNCheck
# in sessionOptions are sufficient — TrustedHosts does not apply.
$prevTrustedHosts = $null
$isLinuxHost = ($null -ne $IsWindows -and $IsWindows -eq $false)
if (-not $isLinuxHost) {
try {
$prevTrustedHosts = (Get-Item WSMan:\localhost\Client\TrustedHosts -ErrorAction Stop).Value
# Add VM IP to TrustedHosts if not already present
@@ -312,6 +315,10 @@ catch {
Write-Warning "Then re-run this script."
exit 1
}
}
else {
Write-Host "[Prepare] Linux host — TrustedHosts not applicable, skipping."
}
# ── Open session (Test-WSMan skipped — PS 5.1 Test-WSMan has no -SessionOption for HTTPS) ──
@@ -755,11 +762,11 @@ try {
finally {
Remove-PSSession $session -ErrorAction SilentlyContinue
# Restore host TrustedHosts to its original value
if ($null -ne $prevTrustedHosts) {
# Restore host TrustedHosts to its original value (Windows only)
if (-not $isLinuxHost -and $null -ne $prevTrustedHosts) {
Set-Item WSMan:\localhost\Client\TrustedHosts -Value $prevTrustedHosts -Force -ErrorAction SilentlyContinue
}
Write-Host "[Prepare] Host TrustedHosts restored."
}
}
+12 -5
View File
@@ -289,9 +289,12 @@ else {
$sessionOptions = New-PSSessionOption -SkipCACheck -SkipCNCheck
# ── Configure HOST-side WinRM client (TrustedHosts for HTTPS Basic auth) ──────
# HTTPS/5986 does not require AllowUnencrypted on the host side. Only TrustedHosts
# needs appending so PS accepts the non-domain VM. Restored in the finally block.
# Windows only: TrustedHosts must include the VM IP so PS accepts the non-domain
# VM over HTTPS. On Linux, New-PSSession uses OMI and -SkipCACheck/-SkipCNCheck
# in sessionOptions are sufficient — TrustedHosts does not apply.
$prevTrustedHosts = $null
$isLinuxHost = ($null -ne $IsWindows -and $IsWindows -eq $false)
if (-not $isLinuxHost) {
try {
$prevTrustedHosts = (Get-Item WSMan:\localhost\Client\TrustedHosts -ErrorAction Stop).Value
# Add VM IP to TrustedHosts if not already present
@@ -312,6 +315,10 @@ catch {
Write-Warning "Then re-run this script."
exit 1
}
}
else {
Write-Host "[Prepare] Linux host — TrustedHosts not applicable, skipping."
}
# ── Open session (Test-WSMan skipped — PS 5.1 Test-WSMan has no -SessionOption for HTTPS) ──
@@ -759,11 +766,11 @@ try {
finally {
Remove-PSSession $session -ErrorAction SilentlyContinue
# Restore host TrustedHosts to its original value
if ($null -ne $prevTrustedHosts) {
# Restore host TrustedHosts to its original value (Windows only)
if (-not $isLinuxHost -and $null -ne $prevTrustedHosts) {
Set-Item WSMan:\localhost\Client\TrustedHosts -Value $prevTrustedHosts -Force -ErrorAction SilentlyContinue
}
Write-Host "[Prepare] Host TrustedHosts restored."
}
}