Configuring Calm for Windows Automation

 

Calm uses Windows PowerShell remoting to run commands on Windows machines. The Calm component called Karan is used to manage Windows machines or the applications installed on Windows. Karan is installed as a service on the Windows slave machine, which has access to other Windows machines.

Requirements for Windows

Server Requirements

  • Windows Slave: A VM to host the Windows automation component

  • OS: 64bit Windows Server 2008 R2

  • RAM: 8GB

  • Disk space: 40 GB free

  • Software: PowerShell 2.0 and .Net 4.5

Port Requirements

  • Access from the Calm server to the Windows slave port 8090

  • Access from the Windows slave to the Calm server ports 80 and 443

  • Access from the Windows slave to all managed Windows machines on ports 5985 and 5986.

Note: The Windows VMs that are targets for automation must have PowerShell 2.0 running on them.

Before Installing Karan

Ensure that PowerShell 2.0 is installed using the following command:

PowerShell Get-Host

If PowerShell is installed, this command will return the PowerShell version. If it is not installed, go to the Microsoft Support Center to download and install PowerShell.

Ensure that epsilon is listening on https. Follow the below steps to make epsilon listen default on 443 and calm on 80.


1. chroot /opt/calmio bash -l
2. vi /etc/nginx/sites-enabled/calm.conf
Remove default from the line listen 443 default ssl
3. Save and exit
4. vi /etc/nginx/sites-enabled/epsilon.conf
Change line listen 443 ssl to listen 443 default ssl
5. Save and exit
6. supervisorctl restart web:nginx

7. supervisorctl start epsilon-app:vaitarna
8. exit

 Check if epsilon is accessible on https and calm on http. If calm is not reachable check if styx is running from supervisorctl status 

Installing Karan

To install Karan, do the following:

  • Download or copy the latest version of the Karan installer. If you don’t have the installer yet, get in touch with us at support@calm.io and we will get you the latest version of it right away.

  • Double-click the installer file. The Welcome screen opens. The installer file determines whether .NET 4.5 is installed on the system. If it is not installed, click Install to install .NET 4.5. After it is installed, the regularKaran Setup Wizard screen opens.

Note: If CLR 4.0 is already installed and is in use by a program, you will have to restart the system. After restarting, Karan installation will automatically resume.

  • Click Next. This opens the Karan Information screen.

  • Complete the following checks:

    • Under Enter config details for the Karan service, verify that the default selection is https.

    • Ensure that the default value 8090 displays in the Port for Karan Service field.

    • Provide the available gateway_uuid from calm.ini on the Calm server by running the command:grep gateway_uuid /etc/python-calm/conf/calm.ini.

    • Provide the Karan IP address in the Karan Host field and the Epsilon IP address in the Epsilon Address field.

    • Click Check Epsilon IP to check whether Epsilon is available at the given URL. The installation can continue even if Epsilon is not available at the time of installation. This can be changed later while configuring Karan.

  • Click Next. The Service Account Information screen opens.

  • Enter the following information:

    • In the Specify the logon account for the Karan service fields, enter the Administrator login credentials.

    • In the Install Karan to field, enter the path of the directory in which you want Karan to be installed.

  • Click Next to complete the installation. Karan is now installed in the specified directory. Certificates are bound to the port specified during installation. You must manually start Karan in services.msc.

After installation, you can configure changes to the karan.exe.config file in the install directory. Restart Karan after you finish updating the configuration file.

Post-install Steps

After the installation is complete, complete the following steps to configure the environment for Windows automation:

  • Point Epsilon at the Karan host:

    • In the Calm environment on the Calm host, open/etc/python-calm/conf/calm.ini.

    • Enable Karan by setting the following line to True: karan_enabled = True

    • Run the command:service python-calm restart

  • Update firewall settings:

    • Make the Karan ports accessible from the Epsilon server. To do this, go toControl Panel > Check Firewall Status > Advanced Settings > Inbound Rules > New Rules.
  • Select Rule Type as Port and click Next.

    • Select TCP and specify the port as "8090" or the Karan port that is mentioned in karan.exe.config/epsilon.ini.

    • Accept the rest of the default values.

    • Enter a name for the rule and click Finish.

    • Use the following command on Epsilon server to check if Karan port is accessible: telnet "karan server" "port number"

Add the target windows machines to the Karan host. Add all the machines on which remote commands have to be run to the trusted host's list. Use the following command at the PowerShell prompt:

Set-Item wsman:\localhost\Client\TrustedHosts -Value *

Use the following command to add individual hosts:

Set-Item wsman:\localhost\Client\TrustedHosts -Value <machine_prefix>* -Concatenate -Force

Managed Node Requirements

To enable Karan to run commands on a Windows node, the Windows node must meet the following requirements:

  • PowerShell 2.0 must be installed. Run the following command to verify the version: PowerShell Get-Host

  • The WinRM service must be running. Check the status of WinRM and, if necessary, start the service using the following command:PowerShell Get-Service WinRM

  • And then run: PowerShell Start-Service WinRM

  • PowerShell remoting must be enabled. From PowerShell, run the following commands:

    Enable-PSRemoting

    set-executionpolicy remotesigned

For Windows XP, this is done from gpedit.msc. Set the value of Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options > Network access:Sharing and Security model for local accounts to local users authenticate as themselves.

  • The execution policy must be enabled to run scripts. Use the following command:Set-ExecutionPolicy RemoteSigned

By default, only Administrators can talk remotely using PowerShell. If other users are to be configured to use PowerShell remoting, they must be added in the following UI:

Set-PSSessionConfiguration -Name Microsoft.PowerShell –showSecurityDescriptorUI

Note: To check whether the above setups were successful, log in to Karan host and test the remote command execution from the command line:

$cred=get-credentialinvoke-command -computername <ip> -credential $cred -scriptblock{get-process}

Local Windows Scripts

It is sometimes necessary to run PowerShell scripts locally on the Karan server rather than on the remotely managed machines. To enable this, some registry settings have to be changed. The account under which Karan runs must be given rights to create processes. To do this, complete the following steps:

  • Run secpol.msc.

  • Under Security Settings > Local Policies > User Rights Management:

    • Add the user or group to Adjust memory quotas for a process.

    • Add the user or group to Replace a process level token.

 

Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.
Powered by Zendesk