Last Updated: Mar 27, 2024

About Knife Winrm Subcommand

Author Rajat Agrawal

Introduction

Have you ever tried to automate the management of your organization's servers and network equipment using any software or tool?


This article focuses on the command-line tool of one such automation software, Chef. This command-line tool is known as knife. We will study the knife winrm subcommand in detail, including its syntax and properties.

About Knife

Knife is an integral part of Chef Workstation. It is a command-line tool.

It acts as an interface between the Chef Infra Server and a local chef-repo.

Knife has many functions. It allows the user to manage the following things:-

  • The Nodes,
  • Roles, Environments, and Data Bags,
  • Cookbooks and recipes,
  • Resources within different cloud environments,
  • Finding indexed data on the Chef Infra Server,
  • The installation of Chef Infra Client on Nodes.

Let’s briefly discuss the knife winrm command.

About Knife winrm

The knife winrm subcommand is used to execute commands over WinRM (in parallel) on a subset of nodes within an organization based on the results of a search query to the Chef Infra Server.

Let’s see the additional requirements that need to be installed in order to use the knife winrm subcommand.

Requirements

The winrm subcommand requires WinRM to be installed and correctly configured on your system. To download WinRM, you can refer to this documentation.

To enable external connections and the whole network path from knife, you can use the WinRM quick configuration option.

Run the command below on the Windows target:-

C:\> winrm quickconfig -q


Usually, the above command takes longer than the default MaxTimeoutms. To increase the MaxTimeoutms value to 1800000, you can run the following command.

C:\> winrm set winrm/config '@{MaxTimeoutms="1800000"}'


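To establish WinRM connections between the Chef Infra Server and the workstation, make sure the Windows Firewall is configured. The rule change below widens the allowed remote addresses for the WinRM HTTP listener (port 5985) on the public profile from the local subnet to any address.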

C:\> netsh advfirewall firewall set rule name="Windows Remote Management (HTTP-In)" profile=public protocol=tcp localport=5985 remoteip=localsubnet new remoteip=any

Negotiate or NTLM

When the system runs a Windows operating system, it is no longer necessary to do the WinRM configuration. It is sufficient to have a WinRM listener on the remote node configured with the default configuration from winrm quickconfig. This is because knife winrm implements the Windows negotiate protocol, which includes NTLM authentication and complies with the WinRM listener's default authentication requirements.

Example commands (a password passed with -P on the command line ends up in shell history and is visible in the process list):-

knife winrm web1.cloudapp.net 'dir' -x 'proddomain\webuser' -P 'password'
knife winrm db1.cloudapp.net 'dir' -x '.\localadmin' -P 'password'

Domain Authentication

The knife winrm subcommand supports Windows domain authentication. The requirements for this are:-

  • An SSL certificate on the target node. 
     
  • The certificate details can be viewed and its thumbprint hex values copied.
     

To create the listener over HTTPS, run the below command on the Windows target:-

C:\> winrm create winrm/config/Listener?Address=IP:<ip_address>+Transport=HTTPS @{Hostname="<fqdn>";CertificateThumbprint="<hexidecimal_thumbprint_value>"}


To validate communication with the Windows system using domain authentication, run the following command:-

knife winrm 'node1.domain.com' 'dir' -m -x domain\\administrator -P 'super_secret_password' -p 5986
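
The thumbprint has to be copied by hand into the listener command above, so it is worth checking before use. The following Ruby sketch is an added example, not code from this article or from Chef: it recomputes the thumbprint from the certificate, cleans up a copied value, confirms the certificate's CN equals the listener Hostname, and only then prints the `winrm create` line. The helper names, the sample hostname and IP, and the throwaway self-signed certificate are assumptions made for the illustration.

```ruby
require "openssl"

# Windows shows the thumbprint as the SHA-1 digest of the DER-encoded certificate.
def thumbprint(cert)
  OpenSSL::Digest.new("SHA1").hexdigest(cert.to_der).upcase
end

# A value copied from the certificate dialog can carry spaces, colons or an
# invisible left-to-right mark (U+200E); strip those and require 40 hex digits.
def normalize_thumbprint(copied)
  hex = copied.encode("UTF-8").gsub(/[\s:\p{Cf}]/, "").upcase
  raise ArgumentError, "not a 40-digit hex thumbprint" unless hex.match?(/\A\h{40}\z/)
  hex
end

# Build the listener command from the page after checking that the copied
# thumbprint really belongs to this certificate, that the certificate is
# inside its validity period, and that its CN equals the listener Hostname.
def listener_command(ip, fqdn, cert, copied)
  wanted = normalize_thumbprint(copied)
  raise ArgumentError, "thumbprint does not match certificate" unless wanted == thumbprint(cert)
  raise ArgumentError, "certificate not currently valid" unless (cert.not_before..cert.not_after).cover?(Time.now)
  cn = cert.subject.to_a.find { |name, _value, _type| name == "CN" }&.at(1)
  raise ArgumentError, "CN #{cn.inspect} does not match #{fqdn}" unless cn&.casecmp?(fqdn)
  "winrm create winrm/config/Listener?Address=IP:#{ip}+Transport=HTTPS " \
    "@{Hostname=\"#{fqdn}\";CertificateThumbprint=\"#{wanted}\"}"
end

# Constructed sample: a throwaway self-signed certificate standing in for the
# one installed on the target node (hostname and IP below are made up).
def sample_cert(fqdn)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{fqdn}")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 86_400
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  cert
end

if __FILE__ == $PROGRAM_NAME
  cert = sample_cert("node1.domain.com")
  copied = "\u200E" + thumbprint(cert).downcase.scan(/../).join(" ")
  puts listener_command("192.0.2.10", "node1.domain.com", cert, copied)
end
```
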

About winrm Arguments

The winrm argument is used to create a connection to one or more remote machines. For each connection, a password is required. 

To support access using HTTP or HTTPS, WinRM requires that a target node be accessible using the ports configured.

Syntax:

knife winrm SEARCH_QUERY SSH_COMMAND (options)


Let’s see the different argument options.

Options

Frequently Asked Questions

What is Knife in chef?

Knife is a command-line tool that connects a local chef-repo and the Chef Infra Server.

Does Chef have a Graphical User Interface?

Chef is written in Ruby and Erlang. It uses a pure-Ruby DSL in the Knife CLI. It also includes a nice GUI for easy management.

What do you understand about a node in Chef?

A node is a machine or system managed by the Chef server. It can be attached to any network that can send and receive information.

What are the three main components of a Chef?

Workstations, servers, and nodes are the three main components of Chef.

What do you mean by a client in Chef?

On each node that Chef is responsible for managing, an agent called a chef-client runs locally.

Conclusion

In this article, we have extensively discussed the knife winrm subcommand, its installation, properties, and syntax. I hope you enjoyed this blog about the knife winrm subcommand.


Happy Coding!
