This seems like it could be an SSL wedging issue I've seen from time to
time. It is a weird issue where the combination of the OpenSSL version
(usually older ones) that Python is compiled to use and the cipher suite
selection on the remote server causes the SSL connection to lock up.
Depending on the age of the server that Ansible runs on OpenSSL is probably
going to be the issue, I've found MacOS is notorious for this as they use a
pretty ancient version by default. There is a tool called IIS Crypto that
can change the SChannel settings on the Windows box, I recommend using it
and setting the Best Practices for the Schannel window and Cipher Suites..
The tool can be found here https://www.nartac.com/Products/IISCrypto but
I'm not sure if it works for the desktop Window's OSs.
One thing you can do to rule out the SSL wedging issue is to run Ansible
over HTTP (just for testing). To do this go onto your Windows box and run
winrm set winrm/config/service @{AllowUnencrypted="true"}
Now in your host vars, set
ansible_port=5985
Run your playbook and you should see that your playbook will be running
over http://X.X.X.X:5985/wsman and hopefully it works.
After your test make sure you re-enable the WinRM encryption check with
winrm set winrm/config/service @{AllowUnencrypted="false"}
If this fixed the issue for you, bad news your SSL settings is causing some
incomptabilities but you have 3 options available to continue forward
1. Use HTTP with message encryption disabled (highly recommended to NOT do
this)
2. Use this (https://github.com/diyan/pywinrm/pull/156) pre-release build
of pywinrm which enables message encryption with NTLM and CredSSP so you
can run over HTTP and still have message encryption (this should be
released soon but it technically hasn't been released yet)
3. Download the latest version of OpenSSL and compile your Python install
to use this instead of the system default. Also play around with the cipher
suite selection on Windows box using the ISSCrypto tool
If it didn't fix it, not sure what the issue would be but knowing as much
about your environment such as how the computer was installed and other
settings might help us narrow it down.
Some previous issues where this has been seen before
https://github.com/ansible/ansible/issues/18468
https://github.com/ansible/ansible/issues/16266
https://groups.google.com/forum/#!msg/ansible-project/6KeQNkfP0pI/O-hu6W0YBAAJ
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/0a4ea3de-313e-4b51-92cb-615aa3bcdd21%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
