To revise what I am trying is:
I am working in an environment where there are 5 domains that run Windows
and Linux systems.
The network operators spend weeks and months patching these windows and
linux system an it is a pain.
I want to automate this patching task.
Refering Ansible for Windows document.
I believe if I can successfully ping the windows machine i will definitely
be able to make my playbook do the rest of the magic.
But here I am stuck at root.
I am having my ansible machine in one domain and the windows hosts that I
am trying on are in other domain(test env for me).
If i success here, I can definitely then be able to move in staging and
production.
Given this background I am seeking help and looking to automate this
painful task that is outdated and get ansible take care.
On Friday, May 25, 2018 at 1:29:12 PM UTC-7, ansible...@gmail.com wrote:
>
> Some success here.
> As per Mike suggested I made changed the vars.
> Hosts vars as below:
> [win:vars]
> ansible_user: ansible.dep...@abc.lcl
> ansible_password: xxxxxxxxxxx
> ansible_connection=winrm
> ansible_winrm_transport: ntlm
> ansible_winrm_server_cert_validation: ignore
>
> *Output:*
> vabcs012.aritst.lcl | UNREACHABLE! => {
> "changed": false,
> "msg": "ntlm: HTTPSConnectionPool(host='10.12.12.12', port=5986): Max
> retries exceeded with url: /wsman (Caused by
> NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at
> 0x7f726abd0250>: Failed to establish a new connection: [Errno 111]
> Connection refused',))",
> "unreachable": true
> }
> VATCS206.ARITST.LCL | SUCCESS => {
> "changed": false,
> "ping": "pong"
> }
>
> *With Kerberos:*
> *Following output:*
>
> RobotWindowsSer | UNREACHABLE! => {
> "changed": false,
> "msg": "Kerberos auth failure: kinit: Client
> 'ansible.dep...@aritst.lcl' not found in Kerberos database while getting
> initial credentials",
> "unreachable": true
> }
> VATCS028.ARITST.LCL | UNREACHABLE! => {
> "changed": false,
> "msg": "Kerberos auth failure: kinit: KDC reply did not match
> expectations while getting initial credentials",
> "unreachable": true
> }
> VATCS206.ARITST.LCL | UNREACHABLE! => {
> "changed": false,
> "msg": "Kerberos auth failure: kinit: Client
> 'ansible.dep...@aritst.lcl' not found in Kerberos database while getting
> initial credentials",
> "unreachable": true
> }
> vabcs012.aritst.lcl | UNREACHABLE! => {
> "changed": false,
> "msg": "Kerberos auth failure: kinit: KDC reply did not match
> expectations while getting initial credentials",
> "unreachable": true
> }
> VATCS029.ARITST.LCL | UNREACHABLE! => {
> "changed": false,
> "msg": "Kerberos auth failure: kinit: KDC reply did not match
> expectations while getting initial credentials",
> "unreachable": true
> }
>
>
> On Friday, May 25, 2018 at 1:15:06 PM UTC-7, Jordan Borean wrote:
>>
>> plaintext: the specified credentials were rejected by the server
>>
>>
>> You are running over HTTP with Basic auth which doesn't work by default.
>> I recommend you using a HTTPS listener or use an auth setup that supports
>> message encryption over HTTP like NTLM/Kerberos/CredSSP.
>>
>> plaintext: HTTPConnectionPool(host='10.12.12.12', port=5985): Max retries
>>> exceeded with url: /wsman (Caused by
>>> NewConnectionError('<urllib3.connection.HTTPConnection object at
>>> 0x7f02859474d0>: Failed to establish a new connection: [Errno 111]
>>> Connection refused',))",
>>>
>>
>> Usually means there's a firewall blocking this port, make sure Windows
>> Firewall (or anything else in between) is not blocking it
>>
>> kerberos: the python kerberos library is not installed
>>>
>>
>> The kerb dependencies are not installed by default as it requires a few
>> system packages, to install run
>>
>> # install the required System packages for requests-kerberos
>> sudo yum install gcc python-devel krb5-devel krb5-workstation python-devel
>>
>> # install the requests-kerberos library
>> pip install pywinrm[kerberos]
>>
>>
>> If I should do a new ansible server setup on a CentOS and try working
>>> from start?
>>>
>>
>> Depends on what you need to do, I recommend you push through and get your
>> basic setup done and working. Once it is, make sure you documented your
>> steps on what you did to get to that point and start to automate the steps.
>> Once you have a way to running a script (be it through Ansible or something
>> else), you can easily bring down and recreate your control host easily.
>> First you need to set things up correctly and understand the various
>> components first.
>>
>> Thanks
>>
>> Jordan
>>
>
> On Friday, May 25, 2018 at 1:15:06 PM UTC-7, Jordan Borean wrote:
>>
>> plaintext: the specified credentials were rejected by the server
>>
>>
>> You are running over HTTP with Basic auth which doesn't work by default.
>> I recommend you using a HTTPS listener or use an auth setup that supports
>> message encryption over HTTP like NTLM/Kerberos/CredSSP.
>>
>> plaintext: HTTPConnectionPool(host='10.12.12.12', port=5985): Max retries
>>> exceeded with url: /wsman (Caused by
>>> NewConnectionError('<urllib3.connection.HTTPConnection object at
>>> 0x7f02859474d0>: Failed to establish a new connection: [Errno 111]
>>> Connection refused',))",
>>>
>>
>> Usually means there's a firewall blocking this port, make sure Windows
>> Firewall (or anything else in between) is not blocking it
>>
>> kerberos: the python kerberos library is not installed
>>>
>>
>> The kerb dependencies are not installed by default as it requires a few
>> system packages, to install run
>>
>> # install the required System packages for requests-kerberos
>> sudo yum install gcc python-devel krb5-devel krb5-workstation python-devel
>>
>> # install the requests-kerberos library
>> pip install pywinrm[kerberos]
>>
>>
>> If I should do a new ansible server setup on a CentOS and try working
>>> from start?
>>>
>>
>> Depends on what you need to do, I recommend you push through and get your
>> basic setup done and working. Once it is, make sure you documented your
>> steps on what you did to get to that point and start to automate the steps.
>> Once you have a way to running a script (be it through Ansible or something
>> else), you can easily bring down and recreate your control host easily.
>> First you need to set things up correctly and understand the various
>> components first.
>>
>> Thanks
>>
>> Jordan
>>
>
> On Friday, May 25, 2018 at 1:15:06 PM UTC-7, Jordan Borean wrote:
>>
>> plaintext: the specified credentials were rejected by the server
>>
>>
>> You are running over HTTP with Basic auth which doesn't work by default.
>> I recommend you using a HTTPS listener or use an auth setup that supports
>> message encryption over HTTP like NTLM/Kerberos/CredSSP.
>>
>> plaintext: HTTPConnectionPool(host='10.12.12.12', port=5985): Max retries
>>> exceeded with url: /wsman (Caused by
>>> NewConnectionError('<urllib3.connection.HTTPConnection object at
>>> 0x7f02859474d0>: Failed to establish a new connection: [Errno 111]
>>> Connection refused',))",
>>>
>>
>> Usually means there's a firewall blocking this port, make sure Windows
>> Firewall (or anything else in between) is not blocking it
>>
>> kerberos: the python kerberos library is not installed
>>>
>>
>> The kerb dependencies are not installed by default as it requires a few
>> system packages, to install run
>>
>> # install the required System packages for requests-kerberos
>> sudo yum install gcc python-devel krb5-devel krb5-workstation python-devel
>>
>> # install the requests-kerberos library
>> pip install pywinrm[kerberos]
>>
>>
>> If I should do a new ansible server setup on a CentOS and try working
>>> from start?
>>>
>>
>> Depends on what you need to do, I recommend you push through and get your
>> basic setup done and working. Once it is, make sure you documented your
>> steps on what you did to get to that point and start to automate the steps.
>> Once you have a way to running a script (be it through Ansible or something
>> else), you can easily bring down and recreate your control host easily.
>> First you need to set things up correctly and understand the various
>> components first.
>>
>> Thanks
>>
>> Jordan
>>
>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/ab22e08a-621a-4a9a-aeef-ee43baa9bd7d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
