Just out of curiosity, why are you still using Ansible 1.9? The Windows 
support was barely working there; things are much faster and more supported 
in the 2.x series. You'll absolutely need the 
ansible_winrm_server_cert_validation: ignore to get past this, and you need 
to be on a minimum of 1.9.5 (I think I might've said 1.9.4 before).


On Wednesday, June 29, 2016 at 4:36:08 PM UTC-7, Hugo Enrique Hernández 
Priego wrote:
>
> Hi
>
> I removed that line and tried again
>
> [ansible@ansible-server ansible-windows]$ cat group_vars/windows.yml
> # it is suggested that these be encrypted with ansible-vault:
> # # ansible-vault edit group_vars/windows.yml
> ansible_ssh_user: ansible
> ansible_ssh_pass: xxxxxx
> ansible_ssh_port: 5986
> ansible_connection: winrm
>
> but I am getting the same error,
>
> [ansible@ansible-server ansible-windows]$ ansible windows -i host -m 
> win_ping -vvvvv
> <mywindowshost.wt.mx.corp> ESTABLISH WINRM CONNECTION FOR USER: ansible on 
> PORT 5986 TO srvspodvlmx01.wt.mx.corp
> <mywindowshost.wt.mx.corp> WINRM CONNECT: transport=plaintext endpoint=
> https://mywindowshost.wt.mx.corp:5986/wsman
> mywindowshost.wt.mx.corp | FAILED => Traceback (most recent call last):
>   File "/usr/lib/python2.7/site-packages/ansible/runner/__init__.py", line 
> 582, in _executor
>     exec_rc = self._executor_internal(host, new_stdin)
>   File "/usr/lib/python2.7/site-packages/ansible/runner/__init__.py", line 
> 785, in _executor_internal
>     return self._executor_internal_inner(host, self.module_name, 
> self.module_args, inject, port, complex_args=complex_args)
>   File "/usr/lib/python2.7/site-packages/ansible/runner/__init__.py", line 
> 964, in _executor_internal_inner
>     conn = self.connector.connect(actual_host, actual_port, actual_user, 
> actual_pass, actual_transport, actual_private_key_file, delegate_host)
>   File "/usr/lib/python2.7/site-packages/ansible/runner/connection.py", 
> line 52, in connect
>     self.active = conn.connect()
>   File 
> "/usr/lib/python2.7/site-packages/ansible/runner/connection_plugins/winrm.py",
>  
> line 140, in connect
>     self.protocol = self._winrm_connect()
>   File 
> "/usr/lib/python2.7/site-packages/ansible/runner/connection_plugins/winrm.py",
>  
> line 96, in _winrm_connect
>     protocol.send_message('')
>   File "/usr/lib/python2.7/site-packages/winrm/protocol.py", line 207, in 
> send_message
>     return self.transport.send_message(message)
>   File "/usr/lib/python2.7/site-packages/winrm/transport.py", line 173, in 
> send_message
>     response = self.session.send(prepared_request, 
> timeout=self.read_timeout_sec)
>   File "/usr/lib/python2.7/site-packages/requests/sessions.py", line 585, 
> in send
>     r = adapter.send(request, **kwargs)
>   File "/usr/lib/python2.7/site-packages/requests/adapters.py", line 477, 
> in send
>     raise SSLError(e, request=request)
> SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed 
> (_ssl.c:765)
>
> I followed all the requirements
>
> Any suggestions?
>
> Regards
>
> On Wednesday, June 29, 2016, 15:45:58 (UTC-5), Matt Davis wrote:
>>
>> You need to be using at least Ansible 1.9.4 (preferably 2.1) and pywinrm 
>> 0.1.1 (preferably 0.2.0) to pass the certificate validation disable to 
>> pywinrm. 1.9.2 will be *very* slow and suboptimal for Windows work in many 
>> ways.
>>
>> On Wednesday, June 29, 2016 at 11:19:21 AM UTC-7, Hugo Enrique Hernández 
>> Priego wrote:
>>>
>>> Hi Jon
>>>
>>>
>>> My Ansible control node has Python 2.7.5
>>>
>>> [ansible@ansible-server ansible-windows]$ python --version
>>> *Python 2.7.5*
>>> [ansible@ansible-server ansible-windows]$ 
>>>
>>> So I followed this link: http://docs.ansible.com/ansible/intro_windows.html
>>>
>>> My windows.yml
>>>
>>> [ansible@ansible-server ansible-windows]$ cat group_vars/windows.yml 
>>> # it is suggested that these be encrypted with ansible-vault:
>>> # # ansible-vault edit group_vars/windows.yml
>>> ansible_ssh_user: ansible
>>> ansible_ssh_pass: xxxxxx
>>> ansible_ssh_port: 5986
>>> ansible_connection: winrm
>>> # The following is necessary for Python 2.7.9+ when using default WinRM self-signed certificates:
>>> ansible_winrm_server_cert_validation: ignore
>>>
>>> I tried the recommendation for Python 2.7.9+ but it fails anyway
>>>
>>> [ansible@ansible-server ansible-windows]$ ansible windows -i host -m 
>>> win_ping -vvvvv
>>> <mywindowshost.wt.mx.corp> ESTABLISH WINRM CONNECTION FOR USER: ansible 
>>> on PORT 5986 TO mywindowshost.wt.mx.corp
>>> <mywindowshostwt.mx.corp> WINRM CONNECT: transport=plaintext endpoint=
>>> https://mywindowshost.wt.mx.corp:5986/wsman 
>>> mywindowshost.wt.mx.corp | FAILED => Traceback (most recent call last):
>>>   File "/usr/lib/python2.7/site-packages/ansible/runner/__init__.py", 
>>> line 582, in _executor
>>>     exec_rc = self._executor_internal(host, new_stdin)
>>>   File "/usr/lib/python2.7/site-packages/ansible/runner/__init__.py", 
>>> line 785, in _executor_internal
>>>     return self._executor_internal_inner(host, self.module_name, 
>>> self.module_args, inject, port, complex_args=complex_args)
>>>   File "/usr/lib/python2.7/site-packages/ansible/runner/__init__.py", 
>>> line 964, in _executor_internal_inner
>>>     conn = self.connector.connect(actual_host, actual_port, actual_user, 
>>> actual_pass, actual_transport, actual_private_key_file, delegate_host)
>>>   File "/usr/lib/python2.7/site-packages/ansible/runner/connection.py", 
>>> line 52, in connect
>>>     self.active = conn.connect()
>>>   File 
>>> "/usr/lib/python2.7/site-packages/ansible/runner/connection_plugins/winrm.py",
>>>  
>>> line 140, in connect
>>>     self.protocol = self._winrm_connect()
>>>   File 
>>> "/usr/lib/python2.7/site-packages/ansible/runner/connection_plugins/winrm.py",
>>>  
>>> line 96, in _winrm_connect
>>>     protocol.send_message('')
>>>   File "/usr/lib/python2.7/site-packages/winrm/protocol.py", line 207, 
>>> in send_message
>>>     return self.transport.send_message(message)
>>>   File "/usr/lib/python2.7/site-packages/winrm/transport.py", line 173, 
>>> in send_message
>>>     response = self.session.send(prepared_request, 
>>> timeout=self.read_timeout_sec)
>>>   File "/usr/lib/python2.7/site-packages/requests/sessions.py", line 
>>> 585, in send
>>>     r = adapter.send(request, **kwargs)
>>>   File "/usr/lib/python2.7/site-packages/requests/adapters.py", line 
>>> 477, in send
>>>     raise SSLError(e, request=request)
>>> SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed 
>>> (_ssl.c:765)
>>>
>>>
>>> Both methods fail, so I tested the connection with curl and it's OK
>>>
>>> ansible@ansible-server ansible-windows]$ curl -vk -d "" -u 
>>> "ansible:xxxxxxx" https://mywindowshost.wt.mx.corp:5986/wsman
>>> * About to connect() to mywindowshost.wt.mx.corp port 5986 (#0)
>>> *   Trying 22.134.234.100...
>>> * Connected to mywindowshost.wt.mx.corp (22.134.234.100) port 5986 (#0)
>>> * Initializing NSS with certpath: sql:/etc/pki/nssdb
>>> * skipping SSL peer certificate verification
>>> * SSL connection using TLS_RSA_WITH_AES_128_CBC_SHA
>>> * Server certificate:
>>> *     subject: CN=mywindowshost
>>> *     start date: Jun 27 18:16:45 2016 GMT
>>> *     expire date: Jun 27 18:16:45 2017 GMT
>>> *     common name: mywindowshost
>>> *     issuer: CN=mywindowshost
>>> * Server auth using Basic with user 'ansible'
>>> > POST /wsman HTTP/1.1
>>> > Authorization: Basic cHJodGJsYWQ6QmxhKjg2LmxvZw==
>>> > User-Agent: curl/7.29.0
>>> > Host: mywindowshost.wt.mx.corp:5986
>>> > Accept: */*
>>> > Content-Length: 0
>>> > Content-Type: application/x-www-form-urlencoded
>>> > 
>>> < HTTP/1.1 411 
>>> < Server: Microsoft-HTTPAPI/2.0
>>> < Date: Wed, 29 Jun 2016 18:19:37 GMT
>>> < Connection: close
>>> < Content-Length: 0
>>> < 
>>> * Closing connection 0
>>>
>>>
>>> Any idea?
>>>
>>> Thanks
>>>
>>>
>>> On Tuesday, June 28, 2016, 2:59:13 (UTC-5), J Hawkesworth wrote:
>>>>
>>>> Hi,
>>>>
>>>> Since Python 2.7.9 (I think), Python's default behavior has been to 
>>>> validate certificates for any https connections.
>>>>
>>>> The certificate used by the windows hosts is likely self-generated, 
>>>> therefore won't be fully trusted.
>>>>
>>>> So in order to avoid the certificate check, you have to set the 
>>>> following var in your ansible inventory/group_vars that apply to your 
>>>> windows hosts.
>>>>
>>>> # The following is necessary for Python 2.7.9+ when using default WinRM self-signed certificates:
>>>> ansible_winrm_server_cert_validation: ignore
>>>>
>>>>
>>>> It's documented here: 
>>>> http://docs.ansible.com/ansible/intro_windows.html#inventory
>>>>
>>>> If you would rather python did check the certificate then you will 
>>>> either need to trust the cert for each of your windows hosts, or acquire 
>>>> trusted (not self-signed) certificates for each of your windows hosts, add 
>>>> them to the computer certificate store and ensure that winrm is using 
>>>> your new certificate.
>>>>
>>>> Hope this helps,
>>>>
>>>> Jon
>>>>
>>>>
>>>> On Tuesday, June 28, 2016 at 1:37:59 AM UTC+1, Hugo Enrique Hernández 
>>>> Priego wrote:
>>>>>
>>>>> Hi
>>>>>
>>>>> I'm running Ansible against a Windows host for testing purposes, but I 
>>>>> am getting this error:
>>>>>
>>>>> Red Hat 7.2
>>>>> Ansible 1.9.2
>>>>>
>>>>> [ansible-windows]$ ansible windows -i host -m win_ping -vvvvv
>>>>>
>>>>> <srvspodvlmx01.wt.mx.corp> ESTABLISH WINRM CONNECTION FOR USER: 
>>>>> prhtblad on PORT 5986 TO srvspodvlmx01.wt.mx.corp
>>>>> <srvspodvlmx01.wt.mx.corp> WINRM CONNECT: transport=plaintext endpoint=
>>>>> https://srvspodvlmx01.wt.mx.corp:5986/wsman
>>>>> srvspodvlmx01.wt.mx.corp | FAILED => Traceback (most recent call last):
>>>>>   File "/usr/lib/python2.7/site-packages/ansible/runner/__init__.py", 
>>>>> line 582, in _executor
>>>>>     exec_rc = self._executor_internal(host, new_stdin)
>>>>>   File "/usr/lib/python2.7/site-packages/ansible/runner/__init__.py", 
>>>>> line 785, in _executor_internal
>>>>>     return self._executor_internal_inner(host, self.module_name, 
>>>>> self.module_args, inject, port, complex_args=complex_args)
>>>>>   File "/usr/lib/python2.7/site-packages/ansible/runner/__init__.py", 
>>>>> line 964, in _executor_internal_inner
>>>>>     conn = self.connector.connect(actual_host, actual_port, 
>>>>> actual_user, actual_pass, actual_transport, actual_private_key_file, 
>>>>> delegate_host)
>>>>>   File 
>>>>> "/usr/lib/python2.7/site-packages/ansible/runner/connection.py", line 52, 
>>>>> in connect
>>>>>     self.active = conn.connect()
>>>>>   File 
>>>>> "/usr/lib/python2.7/site-packages/ansible/runner/connection_plugins/winrm.py",
>>>>>  
>>>>> line 140, in connect
>>>>>     self.protocol = self._winrm_connect()
>>>>>   File 
>>>>> "/usr/lib/python2.7/site-packages/ansible/runner/connection_plugins/winrm.py",
>>>>>  
>>>>> line 96, in _winrm_connect
>>>>>     protocol.send_message('')
>>>>>   File "/usr/lib/python2.7/site-packages/winrm/protocol.py", line 207, 
>>>>> in send_message
>>>>>     return self.transport.send_message(message)
>>>>>   File "/usr/lib/python2.7/site-packages/winrm/transport.py", line 
>>>>> 173, in send_message
>>>>>     response = self.session.send(prepared_request, 
>>>>> timeout=self.read_timeout_sec)
>>>>>   File "/usr/lib/python2.7/site-packages/requests/sessions.py", line 
>>>>> 585, in send
>>>>>     r = adapter.send(request, **kwargs)
>>>>>   File "/usr/lib/python2.7/site-packages/requests/adapters.py", line 
>>>>> 477, in send
>>>>>     raise SSLError(e, request=request)
>>>>> SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed 
>>>>> (_ssl.c:765)
>>>>>
>>>>> Any idea about this error?
>>>>>
>>>>> Thanks
>>>>>
>>>>
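
The certificate checks discussed in this thread, as an added example that is not part of the original messages: it reports why a validating client rejects the certificate shown in the curl output. The certificate dict is constructed from those curl fields in the shape of Python's `ssl.SSLSocket.getpeercert()`; the names `SAMPLE_CERT` and `diagnose` are hypothetical.

```python
from datetime import datetime, timezone

# Constructed sample in the shape returned by ssl.SSLSocket.getpeercert(),
# filled with the certificate fields shown in the thread's curl output.
SAMPLE_CERT = {
    "subject": ((("commonName", "mywindowshost"),),),
    "issuer": ((("commonName", "mywindowshost"),),),
    "notBefore": "Jun 27 18:16:45 2016 GMT",
    "notAfter": "Jun 27 18:16:45 2017 GMT",
}

def _names(rdns):
    """Flatten the nested RDN tuples into a sorted list of (key, value)."""
    return sorted(pair for rdn in rdns for pair in rdn)

def _cert_hostnames(cert):
    """DNS names the cert covers: SAN entries if present, else subject CN."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v for k, v in _names(cert["subject"]) if k == "commonName"]

def _matches(pattern, host):
    """Case-insensitive match, allowing '*' only as the leftmost label."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    if len(p) != len(h):
        return False
    return (p[0] == "*" or p[0] == h[0]) and p[1:] == h[1:]

def diagnose(cert, host, now):
    """Return the reasons a validating TLS client would reject this cert."""
    reasons = []
    # issuer == subject means self-issued: no CA in the trust store signed it.
    if _names(cert["subject"]) == _names(cert["issuer"]):
        reasons.append("self-signed")
    if not any(_matches(n, host) for n in _cert_hostnames(cert)):
        reasons.append("hostname-mismatch")
    fmt = "%b %d %H:%M:%S %Y GMT"
    start = datetime.strptime(cert["notBefore"], fmt).replace(tzinfo=timezone.utc)
    end = datetime.strptime(cert["notAfter"], fmt).replace(tzinfo=timezone.utc)
    if not start <= now <= end:
        reasons.append("outside-validity-period")
    return reasons
```

For the FQDN used in the inventory the result includes a hostname mismatch as well as the self-signed finding, so trusting this certificate on the control node would not be enough by itself while the CN stays the short name.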

