Hi Jordan, Thank you for the suggestion on the inventory management. We can
currently target any instance based on their tags. here is the command I am
using to issue the playbook.
*ansible-playbook playbooks/windows.yml -e "target=tag_product_cse"*
*Here is the information you requested. *
*$ pip list*
*DEPRECATION: The default format will switch to columns in the future. You
can use --format=(legacy|columns) (or define a format=(legacy|columns) in
your pip.conf under the [list] section) to disable this warning.*
*ansible (2.3.2.0)*
*aws-amicleaner (0.1.2)*
*awscli (1.11.133)*
*blessings (1.6)*
*boto (2.48.0)*
*boto3 (1.4.6)*
*botocore (1.6.0)*
*certifi (2017.7.27.1)*
*cffi (1.9.1)*
*chardet (3.0.4)*
*colorama (0.3.7)*
*docutils (0.14)*
*ecdsa (0.13)*
*enum34 (1.1.6)*
*futures (3.1.1)*
*httplib2 (0.9.1)*
*hvac (0.3.0)*
*idna (2.5)*
*ipaddress (1.0.18)*
*Jinja2 (2.8)*
*jmespath (0.9.3)*
*kerberos (1.2.5)*
*MarkupSafe (0.23)*
*ntlm-auth (1.0.5)*
*ordereddict (1.1)*
*paramiko (1.16.0)*
*pip (9.0.1)*
*prettytable (0.7.2)*
*pyasn1 (0.2.3)*
*pycparser (2.17)*
*pycrypto (2.6.1)*
*python-dateutil (2.6.1)*
*pywinrm (0.3.0b1)*
*PyYAML (3.12)*
*requests (2.18.3)*
*requests-ntlm (1.0.0)*
*rsa (3.4.2)*
*s3transfer (0.1.10)*
*setuptools (20.7.0)*
*six (1.10.0)*
*termcolor (1.1.0)*
*urllib3 (1.22)*
*virtualenv (15.1.0)*
*wheel (0.29.0)*
*xmltodict (0.11.0)*
*$ ansible --version*
*ansible 2.3.2.0*
*config file = /etc/ansible/ansible.cfg*
*configured module search path = Default w/o overrides*
*python version = 2.7.12 (default, Nov 20 2017, 18:23:56) [GCC 5.4.0
20160609]*
*$ python --version*
*Python 2.7.12*
*Here are the changes I made to the following files: *
*playbooks/windows.yml, roles/windows/task/main.yml,
inventory/group_vars/windows.yml*
*Playbook: playbooks/windows.yml*
---
- name: run test on Windows host
hosts: '{{target}}'
gather_facts: no
roles:
- windows
vars_files:
- "/home/ubuntu/infratools/ansible/inventory/group_vars/windows.yml"
*Task: roles/windows/task/main.yml*
---
# Obtain information about a folder
- debug:
var: ansible_winrm_server_cert_validation
- win_stat:
path: C:\Users
register: folder_info
*Windows Var: /inventory/group_vars/windows.yml*
ansible_user: username
ansible_password: "#######"
ansible_port: 5986
ansible_connection: winrm
ansible_winrm_transport: ssl
#ansible_winrm_scheme: ntlm
# The following is necessary for Python 2.7.9+ when using default WinRM
self-signed certificates:
ansible_winrm_server_cert_validation: ignore
*##############################################################################*
*##############################################################################*
Based on the results it appears that *ansible_winrm_server_cert_validation:
ignore* is being recognized. Unfortunately, the issue persists. Below are
the results of running the command.
$ ansible-playbook playbooks/windows.yml -e "target=tag_product_cse"
PLAY [run test on Windows host]
*******************************************************************************************************
TASK [windows : debug]
****************************************************************************************************************
ok: [x.x.x.x] => {
"ansible_winrm_server_cert_validation": "ignore"
TASK [windows : win_stat]
*************************************************************************************************************
fatal: [x.x.x.x]: UNREACHABLE! => {"changed": false, "msg": "ssl:
HTTPSConnectionPool(host='x.x.x.x', port=5986): Max retries exceeded with
url: /wsman (Caused by SSLError(SSLError(1, u'[SSL:
CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)'),))",
"unreachable": true}
Thank you!! All your efforts are greatly appreciated!
On Monday, December 18, 2017 at 4:19:05 PM UTC-5, Jordan Borean wrote:
>
> I believe I may know what is happening and this was fixed in the latest
> devel branch so you can try that out if you like. Looks like it is failing
> to gather facts before it gets to your debug task, can you set *gather_facts:
> no* in your playbook as I'm really curious if the cert validation is
> being set properly.
>
> A few other things that would be helpful to know
>
> * Run *pip list* and post the output
> * What version of Ansible are you on
> * What version of Python 2.7 are you on
> * If you turn on fact gathering, does it would if you explicitly set the
> ignore var on the stat task like so
>
> - win_stat:
> path: C:\Users
> vars:
> ansible_winrm_server_cert_validation: ignore
>
> Looks like you are using a dynamic inventory for your AWS hosts, instead
> of having include_vars to point to the Windows vars file I would create a
> create an actual windows group in that inventory and add those hosts in
> there. In the end it would would look something similar to this (untested)
>
> # inventory/hosts
> [tag_OSType_Windows]
> # keep empty, is populated in the dynamic inventory
>
> [windows:children]
> tag_OSType_Windows
>
> # inventory/ec2.py
> ... keep as normal, just to show how to mix/match dynamic and static
> inventories
>
> # inventory/ec2.ini
> ... keep as normal
>
> # group_vars/windows.yml
> ansible_user: username
> ansible_password: "#####"
> ansible_port: 5986
> ansible_connection: winrm
> ansible_winrm_scheme: https
> # The following is necessary for Python 2.7.9+ when using default WinRM
> self-signed certificates:
> ansible_winrm_server_cert_validation: ignore
>
> # playbooks/windows.yml
> - name: run test on Windows host
> hosts: '{{target}}'
> tasks:
> - win_stat:
> path: C:\Users
>
> From there you would add a tag to the newly created instances OSType:
> Windows so that when Ansible reads it from the inventory it is
> automatically put in the Windows group. Even though you are running the
> playbook on the one host it will inherit the group based on that tag which
> in turn get's the Windows vars required.
>
> Thanks
>
> Jordan
>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/4bf6b8ba-128a-4711-90d2-a697d569d63f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
