Re: [ansible-project] Re: Ansible 2.9.4 not considering/ honouring ansible_winrm_server_cert_validation=ignore flag.

[John Roh]

pywirnm==0.4.0 included the fix for
ansible_winrm_server_cert_validation=ignore.
I'm currently using pywinrm=0.4.0 on my dockerfile.

On Wed, Feb 5, 2020 at 1:26 AM Bhushan Gholave 
wrote:

> I see there is possibility of issue with pywinrm
> https://github.com/diyan/pywinrm/issues/201
> looks similar
>
> On Wednesday, February 5, 2020 at 2:38:30 PM UTC+5:30, Bhushan Gholave
> wrote:
>>
>> Hi All,
>>
>> Issue closed : https://github.com/ansible/ansible/issues/67114
>>
>> 1. host file
>> [windows]
>>
>> 192.152.1.21 ansible_user=administrator ansible_password=Password123 
>> ansible_port=5986 ansible_winrm_transport=basic 
>> ansible_winrm_server_cert_validation=ignore ansible_connection=winrm
>>
>> 2. run *ansible -i host -m win_ping all - *with ansible version 2.8.5
>> response:-
>>
>> 192.152.1.21 | SUCCESS => {
>> "changed": false,
>> }
>> "ping": "pong"
>>
>> 3. run *ansible -i host -m win_ping all - *with ansible version 2.9.4
>> response:-
>>
>> 192.152.1.21 | UNREACHABLE! => {
>> "changed": false,
>> "msg": "basic: HTTPSConnectionPool(host='192.152.1.21', port=5986): Max 
>> retries exceeded with url: /wsman (Caused by SSLError(SSLError(1, '[SSL: 
>> UNSUPPORTED_PROTOCOL] unsupported protocol (_ssl.c:897)'),))",
>> "unreachable": true
>> }
>>
>> 4. I followed 
>> https://docs.ansible.com/ansible/latest/user_guide/windows_setup.html 
>> documentation to setup windows host. I run Upgrade-PowerShell.ps1,
>>
>> Install-WMF3Hotfix.ps1, ConfigureRemotingForAnsible.ps1 and winrm settings 
>> mentioned.
>>
>> 5. Work around if i do *.\ConfigureRemotingForAnsible.ps1 -ForceNewSSLCert* 
>> then it start working on both version.
>>
>> 6. I think even if we give *ansible_winrm_server_cert_validation=ignore* 
>> flag still it search for self sign certificate on target machine.
>> My guess might be wrong but we need to find out exact reason behind this.
>>
>> Thanks,
>>
>> Bhushan
>>
>>
>> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/4a6a63b5-f1bb-4bdb-afb5-e74c3d0a004e%40googlegroups.com
> 
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAPxBRp4Ow_6g0%3D%2B8LwXARnas5q-LYk259oAT0qmcJDx0JNgAwg%40mail.gmail.com.

Re: [ansible-project] ansible-playbook 2.7.10 + Packer + winrm + windows 2012r2 ssl: HTTPSConnectionPool(host='localhost', port=5986): Max retries exceeded with url: /wsman

[John Roh]

I have figured this out now that it works with packer 1.5.2-dev (will be
released) and ansible 2.7.16.

On Wed, Jan 29, 2020 at 3:00 PM John Roh  wrote:

> Hi I'm trying to build Windows 2012r2 ec2 windows AMI that I can
> provisioned Powershell over winrm but I'm getting SSL exception error as
> below. Running Ansible playbook ping verified and win command getting the
> hostname, however, running local command to get the hostname fails.
>
> ssl: HTTPSConnectionPool(host='localhost', port=5986): Max retries
> exceeded with url: /wsman
>
> -amzn-win2012r2-sysprep-base: ansible-playbook 2.7.10
> -amzn-win2012r2-sysprep-base: [DEPRECATION WARNING]: ANSIBLE_HOSTS
> option, The variable is misleading as it
> -amzn-win2012r2-sysprep-base:   config file =
> /home/packer/appcode/tmp/amzn-win2012r2sysp/ansible.cfg
> -amzn-win2012r2-sysprep-base: can be a list of hosts and/or paths
> to inventory sources , use
> -amzn-win2012r2-sysprep-base:   configured module search path =
> [u'/etc/ansible/library']
> -amzn-win2012r2-sysprep-base: ANSIBLE_INVENTORY instead. This
> feature will be removed in version 2.8.
> -amzn-win2012r2-sysprep-base:   ansible python module location =
> /usr/lib/python2.7/site-packages/ansible
> -amzn-win2012r2-sysprep-base: Deprecation warnings can be disabled
> by setting deprecation_warnings=False in
> -amzn-win2012r2-sysprep-base:   executable location =
> /bin/ansible-playbook
> -amzn-win2012r2-sysprep-base: ansible.cfg.
> -amzn-win2012r2-sysprep-base:   python version = 2.7.16 (default,
> Dec 12 2019, 23:58:22) [GCC 7.3.1 20180712 (Red Hat 7.3.1-6)]
> -amzn-win2012r2-sysprep-base: Using
> /home/packer/appcode/tmp/amzn-win2012r2sysp/ansible.cfg as config file
> -amzn-win2012r2-sysprep-base: setting up inventory plugins
> -amzn-win2012r2-sysprep-base: Parsed
> /tmp/packer-provisioner-ansible306731865 inventory source with ini plugin
> -amzn-win2012r2-sysprep-base: Loading callback plugin default of
> type stdout, v2.0 from
> /usr/lib/python2.7/site-packages/ansible/plugins/callback/default.pyc
> -amzn-win2012r2-sysprep-base:
> -amzn-win2012r2-sysprep-base: PLAYBOOK: win-playbook-test.yaml
> ***
> -amzn-win2012r2-sysprep-base: 1 plays in
> /home/packer/appcode/tmp/amzn-win2012r2sysp/packer/ansible/win-playbook-test.yaml
> -amzn-win2012r2-sysprep-base:
> -amzn-win2012r2-sysprep-base: PLAY [test out local action]
> ***
> -amzn-win2012r2-sysprep-base:
> -amzn-win2012r2-sysprep-base: TASK [Gathering Facts]
> *
> -amzn-win2012r2-sysprep-base: task path:
> /home/packer/appcode/tmp/amzn-win2012r2sysp/packer/ansible/win-playbook-test.yaml:2
> -amzn-win2012r2-sysprep-base: Using module file
> /usr/lib/python2.7/site-packages/ansible/modules/windows/setup.ps1
> -amzn-win2012r2-sysprep-base: <10.127.51.241> ESTABLISH WINRM
> CONNECTION FOR USER: Administrator on PORT 5986 TO 10.127.51.241
> -amzn-win2012r2-sysprep-base: checking if winrm_host 10.127.51.241
> is an IPv6 address
> -amzn-win2012r2-sysprep-base: EXEC (via pipeline wrapper)
> -amzn-win2012r2-sysprep-base: ok: [default]
> -amzn-win2012r2-sysprep-base: META: ran handlers
> -amzn-win2012r2-sysprep-base:
> -amzn-win2012r2-sysprep-base: TASK [windows command]
> *
> -amzn-win2012r2-sysprep-base: task path:
> /home/packer/appcode/tmp/amzn-win2012r2sysp/packer/ansible/win-playbook-test.yaml:5
> -amzn-win2012r2-sysprep-base: Using module file
> /usr/lib/python2.7/site-packages/ansible/modules/windows/win_command.ps1
> -amzn-win2012r2-sysprep-base: <10.127.51.241> ESTABLISH WINRM
> CONNECTION FOR USER: Administrator on PORT 5986 TO 10.127.51.241
> -amzn-win2012r2-sysprep-base: checking if winrm_host 10.127.51.241
> is an IPv6 address
> -amzn-win2012r2-sysprep-base: EXEC (via pipeline wrapper)
> -amzn-win2012r2-sysprep-base: changed: [default] => {
> -amzn-win2012r2-sysprep-base: "changed": true,
> -amzn-win2012r2-sysprep-base: "cmd": "hostname",
> -amzn-win2012r2-sysprep-base: "delta": "0:00:00.203091",
> -amzn-win2012r2-sysprep-base: "end": "2020-01-29
> 05:40:14.787149",
> -amzn-win2012r2-sysprep-base: "rc": 0,
> -amzn-win2012r2

[ansible-project] ansible-playbook 2.7.10 + Packer + winrm + windows 2012r2 ssl: HTTPSConnectionPool(host='localhost', port=5986): Max retries exceeded with url: /wsman

[John Roh]

Hi I'm trying to build Windows 2012r2 ec2 windows AMI that I can 
provisioned Powershell over winrm but I'm getting SSL exception error as 
below. Running Ansible playbook ping verified and win command getting the 
hostname, however, running local command to get the hostname fails.  

ssl: HTTPSConnectionPool(host='localhost', port=5986): Max retries exceeded 
with url: /wsman 

-amzn-win2012r2-sysprep-base: ansible-playbook 2.7.10
-amzn-win2012r2-sysprep-base: [DEPRECATION WARNING]: ANSIBLE_HOSTS 
option, The variable is misleading as it
-amzn-win2012r2-sysprep-base:   config file = 
/home/packer/appcode/tmp/amzn-win2012r2sysp/ansible.cfg
-amzn-win2012r2-sysprep-base: can be a list of hosts and/or paths 
to inventory sources , use
-amzn-win2012r2-sysprep-base:   configured module search path = 
[u'/etc/ansible/library']
-amzn-win2012r2-sysprep-base: ANSIBLE_INVENTORY instead. This 
feature will be removed in version 2.8.
-amzn-win2012r2-sysprep-base:   ansible python module location = 
/usr/lib/python2.7/site-packages/ansible
-amzn-win2012r2-sysprep-base: Deprecation warnings can be disabled 
by setting deprecation_warnings=False in
-amzn-win2012r2-sysprep-base:   executable location = 
/bin/ansible-playbook
-amzn-win2012r2-sysprep-base: ansible.cfg.
-amzn-win2012r2-sysprep-base:   python version = 2.7.16 (default, 
Dec 12 2019, 23:58:22) [GCC 7.3.1 20180712 (Red Hat 7.3.1-6)]
-amzn-win2012r2-sysprep-base: Using 
/home/packer/appcode/tmp/amzn-win2012r2sysp/ansible.cfg as config file
-amzn-win2012r2-sysprep-base: setting up inventory plugins
-amzn-win2012r2-sysprep-base: Parsed 
/tmp/packer-provisioner-ansible306731865 inventory source with ini plugin
-amzn-win2012r2-sysprep-base: Loading callback plugin default of 
type stdout, v2.0 from 
/usr/lib/python2.7/site-packages/ansible/plugins/callback/default.pyc
-amzn-win2012r2-sysprep-base:
-amzn-win2012r2-sysprep-base: PLAYBOOK: win-playbook-test.yaml 
***
-amzn-win2012r2-sysprep-base: 1 plays in 
/home/packer/appcode/tmp/amzn-win2012r2sysp/packer/ansible/win-playbook-test.yaml
-amzn-win2012r2-sysprep-base:
-amzn-win2012r2-sysprep-base: PLAY [test out local action] 
***
-amzn-win2012r2-sysprep-base:
-amzn-win2012r2-sysprep-base: TASK [Gathering Facts] 
*
-amzn-win2012r2-sysprep-base: task path: 
/home/packer/appcode/tmp/amzn-win2012r2sysp/packer/ansible/win-playbook-test.yaml:2
-amzn-win2012r2-sysprep-base: Using module file 
/usr/lib/python2.7/site-packages/ansible/modules/windows/setup.ps1
-amzn-win2012r2-sysprep-base: <10.127.51.241> ESTABLISH WINRM 
CONNECTION FOR USER: Administrator on PORT 5986 TO 10.127.51.241
-amzn-win2012r2-sysprep-base: checking if winrm_host 10.127.51.241 
is an IPv6 address
-amzn-win2012r2-sysprep-base: EXEC (via pipeline wrapper)
-amzn-win2012r2-sysprep-base: ok: [default]
-amzn-win2012r2-sysprep-base: META: ran handlers
-amzn-win2012r2-sysprep-base:
-amzn-win2012r2-sysprep-base: TASK [windows command] 
*
-amzn-win2012r2-sysprep-base: task path: 
/home/packer/appcode/tmp/amzn-win2012r2sysp/packer/ansible/win-playbook-test.yaml:5
-amzn-win2012r2-sysprep-base: Using module file 
/usr/lib/python2.7/site-packages/ansible/modules/windows/win_command.ps1
-amzn-win2012r2-sysprep-base: <10.127.51.241> ESTABLISH WINRM 
CONNECTION FOR USER: Administrator on PORT 5986 TO 10.127.51.241
-amzn-win2012r2-sysprep-base: checking if winrm_host 10.127.51.241 
is an IPv6 address
-amzn-win2012r2-sysprep-base: EXEC (via pipeline wrapper)
-amzn-win2012r2-sysprep-base: changed: [default] => {
-amzn-win2012r2-sysprep-base: "changed": true,
-amzn-win2012r2-sysprep-base: "cmd": "hostname",
-amzn-win2012r2-sysprep-base: "delta": "0:00:00.203091",
-amzn-win2012r2-sysprep-base: "end": "2020-01-29 
05:40:14.787149",
-amzn-win2012r2-sysprep-base: "rc": 0,
-amzn-win2012r2-sysprep-base: "start": "2020-01-29 
05:40:14.584057",
-amzn-win2012r2-sysprep-base: "stderr": "",
-amzn-win2012r2-sysprep-base: "stderr_lines": [],
-amzn-win2012r2-sysprep-base: "stdout": "WIN-F9EMCU74RLB\r\n",
-amzn-win2012r2-sysprep-base: "stdout_lines": [
-amzn-win2012r2-sysprep-base: "WIN-F9EMCU74RLB"
-amzn-win2012r2-sysprep-base: ]
-amzn-win2012r2-sysprep-base: }
-amzn-win2012r2-sysprep-base:
-amzn-win2012r2-sysprep-base: TASK [local command] 
***
-amzn-win2012r2-sys

Re: [ansible-project] ec2_vol and windows hosts

[John Roh]

Have you used to packer to build an AMI? I use packer option to build and
to attach ec2 volumes,
https://www.packer.io/docs/builders/amazon-ebs.html#ami_block_device_mappings
.

John.

On Sun, Aug 26, 2018 at 10:38 AM Bruce Affonso 
wrote:

> Hi,
>
> I know how to use ec2_vol to mount a drive to a Windows host.  Are there
> and Ansible options or modules available that then allow that drive to be
> set online, initialized and formatted or do we need to use powershell
> commands?
>
> Thanks,
>
> Bruce
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/d20c996e-3b88-4860-a539-dcd8a95f5729%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAPxBRp44EJpFWkV_pZA%3DYHUe7qUFgkrySn%3Dj3%2BpQN%2BHxKHmEgQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] WinRM Connection Error

[John Roh]

I have the same issue that I rolled back to 2.4.1.
I have updated the packer.py for the connection_plugsins from github and
updated win_udpates from the github, both didn't worked at all.
However, 2.4.1, I was able to create ami without having the winrm timeout
along with packer v1.2.3.
Good luck.

John.

On Tue, Aug 7, 2018 at 10:37 AM, Scott Garcia 
wrote:

> Trying to ping a windows machine, and I'm running into an ambiguous error
> from one of the python modules.  Any suggestion on how to fix this?
>
> --
>
> # ansible windows -i inventory - -m win_ping
>
>
> ansible 2.6.2
>
>   config file = /home/ec2-user/ansible.cfg
>
>   configured module search path = [u'/usr/share/my_modules']
>
>   ansible python module location = /home/ec2-user/venv/local/lib/
> python2.7/site-packages/ansible
>
>   executable location = /home/ec2-user/venv/bin/ansible
>
>   python version = 2.7.14 (default, May  2 2018, 18:31:34) [GCC 4.8.5
> 20150623 (Red Hat 4.8.5-11)]
>
> Using /home/ec2-user/ansible.cfg as config file
>
> setting up inventory plugins
>
> Parsed /home/ec2-user/inventory inventory source with yaml plugin
>
> Loading callback plugin minimal of type stdout, v2.0 from
> /home/ec2-user/venv/local/lib/python2.7/site-packages/
> ansible/plugins/callback/minimal.pyc
>
> META: ran handlers
>
> Using module file /home/ec2-user/venv/local/lib/python2.7/site-packages/
> ansible/modules/windows/win_ping.ps1
>
> <10.206.46.246> ESTABLISH WINRM CONNECTION FOR USER: lanadmin on PORT 5985
> TO 10.206.46.246
>
> checking if winrm_host 10.206.46.246 is an IPv6 address
>
> <10.206.46.246> WINRM CONNECT: transport=ntlm endpoint=
> http://10.206.46.246:5985/wsman
>
> <10.206.46.246> WINRM CONNECTION ERROR: Parse() argument 1 must be string
> or read-only buffer, not None
>
> Traceback (most recent call last):
>
>   File "/home/ec2-user/venv/local/lib/python2.7/site-packages/
> ansible/plugins/connection/winrm.py", line 386, in _winrm_connect
>
> self.shell_id = protocol.open_shell(codepage=65001)  # UTF-8
>
>   File 
> "/home/ec2-user/venv/local/lib/python2.7/site-packages/winrm/protocol.py",
> line 161, in open_shell
>
> root = ET.fromstring(res)
>
>   File "/usr/lib64/python2.7/xml/etree/ElementTree.py", line 1311, in XML
>
> parser.feed(text)
>
>   File "/usr/lib64/python2.7/xml/etree/ElementTree.py", line 1657, in feed
>
> self._parser.Parse(data, 0)
>
> TypeError: Parse() argument 1 must be string or read-only buffer, not None
>
> windows | UNREACHABLE! => {
>
> "changed": false,
>
> "msg": "ntlm: Parse() argument 1 must be string or read-only buffer,
> not None",
>
> "unreachable": true
>
> }
>
> --
>
>
> # Inventory settings
>
>
> ansible_host: 10.206.46.246
>
> ansible_user: lanadmin
>
> ansible_password: xx
>
> ansible_port: 5985
>
> ansible_connection: winrm
>
> ansible_winrm_transport: ntlm
>
> ansible_winrm_server_cert_validation: ignore
>
>
> Attempts at a fix
>
> 1. I've tried changing the authentication type, but it just shows the same
> error message with that authentication type prepended.
>
> 2. I've ran the ConfigureRemotingForAnsible.ps1 script on my windows
> machine
>
> 3. I've tested the windows machine according to https://docs.ansible.com/
> ansible/2.5/user_guide/windows_setup.html#common-winrm-issues
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/
> msgid/ansible-project/376a58de-64a9-4f38-96f1-09de04539358%40googlegroups.
> com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAPxBRp7rKwob1wHV9T-d35uHEvaaDxOk0GDN7rnFV%3Ds%2BqqOEdA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Code to attach an EBS volume during provisioning with CMK

[John Roh]

you mean, KMS encryption? If so, I put the packer code in the different
threads.

On Tue, Aug 7, 2018 at 2:24 PM,  wrote:

> Has anyone provisioned an EC2 instance and EBS volumes using CMK?
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/
> msgid/ansible-project/a14eb5b2-1033-4033-bcb1-c44e88b4835c%40googlegroups.
> com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAPxBRp4-Xnv_qWVN651sy8koE2akGKadkS_7Qu_hkRNs-BkjaQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.