I am new to Ansible, so please bear with me.... I am trying to bring up an
Ansible test environment whereby I can test config management against a
Windows environment. The environment consists of an Ansible management
server running Linux Red Hat Enterprise Linux Server release 6.7 and a test
Windows 2012 R2 server. I believe I have all the necessary packages
installed to support the WinRM/Kerberos connection from the Ansible
management server to the Windows server. Here are the packages I believe to
have been installed on the Ansible management server to support Windows:
pywinrm
python-devel
krb5-devel
krb5-libs
krb5-workstation
kerberos
requests-kerberos
I have updated /etc/krb5.conf file. When I run a "kinit
'user'@MY.DOMAIN.COM" on the Ansible management server I get the following:
ansible@servername:/home/ansible # kinit [email protected]
Password for [email protected]:
ansible@servername:/home/ansible #
I then ran a "klist" to ensure the kerberos connection was made:
ansible@servername:/home/ansible # klist
Ticket cache: FILE:/tmp/krb5cc_5000
Default principal: [email protected]
Valid starting Expires Service principal
10/20/16 07:17:28 10/20/16 17:17:58 krbtgt/[email protected]
renew until 10/21/16 07:17:28
ansible@servername:/home/ansible #
I then created a /group_vars/windows.yml file consisting of the following:
ansible_user: [email protected]
ansible_password: xxxxx
ansible_port: 5986
ansible_connection: winrm
ansible_winrm_server_cert_validation: ignore
but when I go to run a "ansible winTest -m win_ping -vvvv" it appears the
it is trying an SSL connection instead of a winrm connection, possibly?:
ansible@servername:/home/ansible # ansible winTest -m win_ping -vvvvv
Using /home/ansible/.ansible.cfg as config file
Loaded callback minimal of type stdout, v2.0
<172.31.0.166> ESTABLISH SSH CONNECTION FOR USER: None
<172.31.0.166> SSH: ansible.cfg set ssh_args:
(-o)(ControlMaster=auto)(-o)(ControlPersist=60s)
<172.31.0.166> SSH: ansible_password/ansible_ssh_pass not set:
(-o)(KbdInteractiveAuthentication=no)(-o)(PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey)(-o)(PasswordAuthentication=no)
<172.31.0.166> SSH: ANSIBLE_TIMEOUT/timeout set: (-o)(ConnectTimeout=10)
<172.31.0.166> SSH: PlayContext set ssh_common_args: ()
<172.31.0.166> SSH: PlayContext set ssh_extra_args: ()
<172.31.0.166> SSH: found only ControlPersist; added ControlPath:
(-o)(ControlPath=/home/ansible/.ansible/cp/ansible-ssh-%h-%p-%r)
<172.31.0.166> SSH: EXEC ssh -C -vvv -o ControlMaster=auto -o
ControlPersist=60s -o KbdInteractiveAuthentication=no -o
PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey
-o PasswordAuthentication=no -o ConnectTimeout=10 -o
ControlPath=/home/ansible/.ansible/cp/ansible-ssh-%h-%p-%r xxx.xx.x.xxx
'/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo
$HOME/.ansible/tmp/ansible-tmp-1476962695.95-263373308192487 `" && echo
ansible-tmp-1476962695.95-263373308192487="` echo
$HOME/.ansible/tmp/ansible-tmp-1476962695.95-263373308192487 `" ) && sleep
0'"'"''
xxx.xx.x.xxx | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh.",
"unreachable": true
}
ansible@servername:/home/ansible #
If I telnet to the windows server it appears the port is open:
ansibleservername:/home/ansible # telnet xxx.xx.x.xxx 5985
Trying xxx.xx.x.xxx...
Connected to xxx.xx.x.xxx.
Escape character is '^]'.
and if I verify that remoting is working on the windows server it appears
to be working locally:
PS C:\Users\XXXXXX> $Credential = Get-Credential
cmdlet Get-Credential at command pipeline position 1
Supply values for the following parameters:
Credential
PS C:\Users\XXXXXX> $Session = New-PSSession -Credential $Credential
-ComputerName xxx.xx.x.xxx
PS C:\Users\XXXXXX> Invoke-Command -Session $Session -ScriptBlock {gci e:\}
Directory: E:\
Mode LastWriteTime Length Name
PSComputerName
---- ------------- ------ ----
--------------
d---- 10/19/2016 1:11 PM Applications
xxx.xx.x.xxx
da--- 10/19/2016 1:06 PM Logs
xxx.xx.x.xxx
d---- 10/19/2016 1:11 PM temp
xxx.xx.x.xxx
PS C:\Users\XXXXXX>
I also tried to connect to WinRM from another Windows server:
PS C:\Users\XXXXX> $Credential = Get-Credential
cmdlet Get-Credential at command pipeline position 1
Supply values for the following parameters:
Credential
PS C:\Users\XXXXXX> $Session = New-PSSession -Credential $Credential
-ComputerName xxx.xx.x.xxx
PS C:\Users\XXXXXX> Invoke-Command -Session $Session -ScriptBlock {gci e:\}
Directory: E:\
Mode LastWriteTime Length Name
PSComputerName
---- ------------- ------ ----
--------------
d---- 10/19/2016 1:11 PM Applications
xxx.xx.x.xxx
da--- 10/19/2016 1:06 PM Logs
xxx.xx.x.xxx
d---- 10/19/2016 1:11 PM temp
xxx.xx.x.xxx
PS C:\Users\XXXXXX>
Is there a config step whereby I specify Ansible use a winrm connection
that I missed? Any assitance would be greatly appreciated.....
Thanks,
Bob Wieberdink
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/681f11f6-ab4c-43f9-84da-43022d0bc99e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
