Re: [ansible-project] Re: Ansible Windows Deployment - 'Connection aborted.', error(104, 'Connection reset by peer')

2020-08-17 Thread Tony Wong 
i dont understand what this mean

You need both the hotfix and the registry keys set for the connection to
break like this, having one or the other is not enough. A

On Sun, Aug 16, 2020 at 5:40 PM Tony Wong  wrote:

> I have same problem. I enabled winrm over https and i can see it listen to
> 5986. but a simple win_ping is not working
>
> On Monday, September 17, 2018 at 2:46:26 PM UTC-7 jbor...@gmail.com wrote:
>
>> You need both the hotfix and the registry keys set for the connection to
>> break like this, having one or the other is not enough. Another thing to
>> note is that this only applies to Server 2008, the 2008 R2 edition works
>> just fine with TLSv1.2. So if this is the original 2008 version (and not
>> 2008 R2) verify that TLS1.2 isn't enabled in the registry for the server
>> side.
>>
>> Thanks
>>
>> Jordan
>>
> --
> You received this message because you are subscribed to a topic in the
> Google Groups "Ansible Project" group.
> To unsubscribe from this topic, visit
> https://groups.google.com/d/topic/ansible-project/CmgTs1NbvZE/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
> ansible-project+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/1f417e6f-d87f-44e7-9a7e-60ff9fc57765n%40googlegroups.com
> 
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CALmkhkoiwzdYFZXazGWoo1tz5v5dCY2hsLFDz%2Byruk3P46jFzg%40mail.gmail.com.

[ansible-project] Re: Ansible Windows Deployment - 'Connection aborted.', error(104, 'Connection reset by peer')

2020-08-16 Thread Tony Wong 
I have same problem. I enabled winrm over https and i can see it listen to 
5986. but a simple win_ping is not working

On Monday, September 17, 2018 at 2:46:26 PM UTC-7 jbor...@gmail.com wrote:

> You need both the hotfix and the registry keys set for the connection to 
> break like this, having one or the other is not enough. Another thing to 
> note is that this only applies to Server 2008, the 2008 R2 edition works 
> just fine with TLSv1.2. So if this is the original 2008 version (and not 
> 2008 R2) verify that TLS1.2 isn't enabled in the registry for the server 
> side.
>
> Thanks
>
> Jordan
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/1f417e6f-d87f-44e7-9a7e-60ff9fc57765n%40googlegroups.com.

Re: [ansible-project] Re: ansible windows inventory get hostname/user/password ad-hoc from external script

2020-03-31 Thread Gregory Storme 
I've managed to write a workaround, by writing a playbook which runs
the get-admin-credential command task, with "delegate_to: localhost".
>From this I build a dictionary with the parsed values for
host/login/password from the command output, and in the ansible inventory
file I do a hostvars lookup of these values.

An inventory plugin could also work, thanks for the tip I'll check that out
later.


On Thu, Mar 26, 2020 at 9:49 AM 'J Hawkesworth' via Ansible Project <
ansible-project@googlegroups.com> wrote:

> Would constructing your own lookup plugin be an option?
>
> There seem to be lots of lookup plugins that look things up in various
> kinds of vaults:
> https://docs.ansible.com/ansible/latest/plugins/lookup.html#plugin-list
> Could you create one of your own.
>
> If you created an inventory plugin, rather than an older style dynamic
> inventory script, I believe the inventory plugins can make use of the
> internal cache, so you might be able to cache credentials for a little
> while, which might speed things up, but I'd be inclined to see if you could
> create your own lookup plugin.
>
> Hope this helps,
>
> Jon
>
> On Tuesday, March 17, 2020 at 7:49:01 PM UTC, Gregory Storme wrote:
>>
>> Hi,
>>
>> We have a couple of hundred Windows hosts, with each host having
>> different credentials (both login and password), which are stored in an
>> on-premise, in-house developed "vault" system.
>> A dream scenario would be to install win32-openssh on all of them, and
>> use ssh key authentication :) however until there's MSI(X) support for
>> win32-openssh and/or it goes out of beta, this is not an option.
>>
>> We have an API to access our vault, which returns the
>> hostname/username/password for the host.
>> As a workaround now, I've written a simple wrapper for ansible-playbook
>> which works, but the disadvantage is that each host is a new playbook run.
>> I'm looking for a solution to run a playbook, and where ansible polls the
>> hostname/username/password for each alias in the ansible inventory.
>> Tried looking to patch the winrm.py connection plugin, but this didn't
>> work, and I think it would poll for each task that's executed by the winrm
>> plugin instead of only once?
>>
>> Solution I'm using now:
>>
>> ansible hosts file:
>>
>> [windows]
>> L001
>> L002
>> L003
>>
>> ansible-playbook wrapper:
>>
>> #!/bin/bash
>>
>> CONNECTION="ansible_connection=winrm ansible_port=5985
>> ansible_winrm_transport=credssp"
>>
>> for host in `cat ~/.ansible/hosts`
>>   do
>> SECRET=`/opt/scripts/vault-functions/bin/console
>> app:get-admin-credential --tag=$host`
>> HOST=`echo $SECRET | cut -d ';' -f1`
>> LOGIN=`echo $SECRET | cut -d ';' -f2`
>> DOMAIN=`echo $SECRET | cut -d ';' -f3`
>> PWD=`echo $SECRET | cut -d ';' -f4`
>>
>> if [ -z "$DOMAIN" ]; then
>>   ansible-playbook -i ~/.ansible/hosts ~/.ansible/windows.yml -e
>> "ansible_host=$HOST ansible_user=$LOGIN ansible_password=$PWD $CONNECTION"
>> else
>>   ansible-playbook -i ~/.ansible/hosts ~/.ansible/windows.yml -e
>> "ansible_host=$HOST ansible_user=$LOGIN@$DOMAIN ansible_password=$PWD
>> $CONNECTION"
>> fi
>>   done
>>
>> This works, but as stated before this runs an ansible-playbook for each
>> host.
>> Could someone point me in the right direction on how to be able to run an
>> ansible-playbook, upon which ansible does a lookup of the
>> ansible_hostname/ansible_user/ansible-password during the connection phase
>> to the host?
>>
>> Important detail, once a secret is requested from our vault, the password
>> will be reset within a couple of hours. So it's not possible for us to
>> build a static (encrypted) inventory.
>> Building a dynamic inventory is also not desired, because of the large
>> amount of hosts and the time it takes to request the credentials, this
>> would take too long and by the time it's finished, it's possible the
>> credentials of the first hosts have already been reset.
>>
>> So I'm looking for something that can pull data ad-hoc upon the ansible
>> connection, like the wrapper above does, but whilst staying in 1 playbook
>> run ... tips are much appreciated!
>>
>> --
> You received this message because you are subscribed to a topic in the
> Google Groups "Ansible Project" group.
> To unsubscribe from this topic, visit
> https://groups.google.com/d/topic/ansible-project/bc28M8NwuvA/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
> ansible-project+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/42d09dda-7d9d-440e-b5dd-cb3612990aea%40googlegroups.com
> 
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to

[ansible-project] Re: ansible windows inventory get hostname/user/password ad-hoc from external script

2020-03-26 Thread 'J Hawkesworth' via Ansible Project 
Would constructing your own lookup plugin be an option?

There seem to be lots of lookup plugins that look things up in various 
kinds of vaults:
https://docs.ansible.com/ansible/latest/plugins/lookup.html#plugin-list
Could you create one of your own.

If you created an inventory plugin, rather than an older style dynamic 
inventory script, I believe the inventory plugins can make use of the 
internal cache, so you might be able to cache credentials for a little 
while, which might speed things up, but I'd be inclined to see if you could 
create your own lookup plugin.

Hope this helps,

Jon

On Tuesday, March 17, 2020 at 7:49:01 PM UTC, Gregory Storme wrote:
>
> Hi,
>
> We have a couple of hundred Windows hosts, with each host having different 
> credentials (both login and password), which are stored in an on-premise, 
> in-house developed "vault" system.
> A dream scenario would be to install win32-openssh on all of them, and use 
> ssh key authentication :) however until there's MSI(X) support for 
> win32-openssh and/or it goes out of beta, this is not an option.
>
> We have an API to access our vault, which returns the 
> hostname/username/password for the host.
> As a workaround now, I've written a simple wrapper for ansible-playbook 
> which works, but the disadvantage is that each host is a new playbook run.
> I'm looking for a solution to run a playbook, and where ansible polls the 
> hostname/username/password for each alias in the ansible inventory.
> Tried looking to patch the winrm.py connection plugin, but this didn't 
> work, and I think it would poll for each task that's executed by the winrm 
> plugin instead of only once?
>
> Solution I'm using now:
>
> ansible hosts file:
>
> [windows]
> L001
> L002
> L003
>
> ansible-playbook wrapper:
>
> #!/bin/bash
>
> CONNECTION="ansible_connection=winrm ansible_port=5985 
> ansible_winrm_transport=credssp"
>
> for host in `cat ~/.ansible/hosts`
>   do
> SECRET=`/opt/scripts/vault-functions/bin/console 
> app:get-admin-credential --tag=$host`
> HOST=`echo $SECRET | cut -d ';' -f1`
> LOGIN=`echo $SECRET | cut -d ';' -f2`
> DOMAIN=`echo $SECRET | cut -d ';' -f3`
> PWD=`echo $SECRET | cut -d ';' -f4`
>
> if [ -z "$DOMAIN" ]; then
>   ansible-playbook -i ~/.ansible/hosts ~/.ansible/windows.yml -e 
> "ansible_host=$HOST ansible_user=$LOGIN ansible_password=$PWD $CONNECTION"
> else
>   ansible-playbook -i ~/.ansible/hosts ~/.ansible/windows.yml -e 
> "ansible_host=$HOST ansible_user=$LOGIN@$DOMAIN ansible_password=$PWD 
> $CONNECTION"
> fi
>   done
>
> This works, but as stated before this runs an ansible-playbook for each 
> host.
> Could someone point me in the right direction on how to be able to run an 
> ansible-playbook, upon which ansible does a lookup of the 
> ansible_hostname/ansible_user/ansible-password during the connection phase 
> to the host?
>
> Important detail, once a secret is requested from our vault, the password 
> will be reset within a couple of hours. So it's not possible for us to 
> build a static (encrypted) inventory.
> Building a dynamic inventory is also not desired, because of the large 
> amount of hosts and the time it takes to request the credentials, this 
> would take too long and by the time it's finished, it's possible the 
> credentials of the first hosts have already been reset.
>
> So I'm looking for something that can pull data ad-hoc upon the ansible 
> connection, like the wrapper above does, but whilst staying in 1 playbook 
> run ... tips are much appreciated!
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/42d09dda-7d9d-440e-b5dd-cb3612990aea%40googlegroups.com.

[ansible-project] Re: ansible windows

2020-03-13 Thread Jordan Borean 
If you are wanting to play around with things there's no harm in it. If you 
are wanting to use it in production I would wait until some of the kinks 
are ironed out and 2.10 is officially released.

That's not to say you can use it side by side and selectively try out 
various modules in the collection if you want to use a newer version.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/3bb44e87-771d-4313-8dde-1c2518b0984f%40googlegroups.com.

[ansible-project] Re: ansible windows

2020-03-13 Thread Andrew Meyer 
Would it be wise to wait for 2.10?

On Friday, March 13, 2020 at 4:03:56 PM UTC-5, Jordan Borean wrote:
>
> I also forgot to mention that while some components may work in 2.9 this 
> collection will not be tested against this version and will officially be 
> designed to work with 2.10 onwards.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/dbf71723-31ec-4a01-a79c-9b126b790449%40googlegroups.com.

[ansible-project] Re: ansible windows

2020-03-13 Thread Jordan Borean 
I also forgot to mention that while some components may work in 2.9 this 
collection will not be tested against this version and will officially be 
designed to work with 2.10 onwards.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/34d808a7-0a8a-480d-8ee9-c2d05e1efef3%40googlegroups.com.

[ansible-project] Re: ansible windows

2020-03-13 Thread Jordan Borean 
That is because the ansible.windows collection because the current released 
versions at https://galaxy.ansible.com/ansible/windows are all beta 
versions. The ansible-galaxy cli tool does not use any pre-release versions 
in it's check and the only way to install it is to explicitly set the 
version like

ansible-galaxy collection install ansible.windows:0.0.1-beta.2

Once a proper release is out then the install command will select the 
latest non-prerelease version as expected but for you now you need to 
explicitly opt in.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/3e1f2c41-4744-45f2-b8da-1755e6f21504%40googlegroups.com.

[ansible-project] Re: Ansible Windows Custom Modules

2019-08-25 Thread 'ground7612' via Ansible Project 
Anyone? Please, even if just a brief answer.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/a9ea2515-e37e-4697-b14b-12fc49847482%40googlegroups.com.

[ansible-project] Re: Ansible & Windows Management

2019-04-23 Thread CHARCHOUF SABRI 
Thank you for your reply
I will check and revert back

On Tuesday, April 23, 2019 at 3:55:29 AM UTC+2, Tony Chia wrote:
>
> To connect to windows from ansible you can use wintm instead of the 
> default winrm connection type 

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/99ccca93-ae76-4815-9390-dd60b0202fbc%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Ansible Windows Deployment - 'Connection aborted.', error(104, 'Connection reset by peer')

2018-09-17 Thread Jordan Borean 
You need both the hotfix and the registry keys set for the connection to 
break like this, having one or the other is not enough. Another thing to 
note is that this only applies to Server 2008, the 2008 R2 edition works 
just fine with TLSv1.2. So if this is the original 2008 version (and not 
2008 R2) verify that TLS1.2 isn't enabled in the registry for the server 
side.

Thanks

Jordan

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/2c7b5e50-a855-4b2a-9e56-993f4a6e3465%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Ansible Windows Deployment - 'Connection aborted.', error(104, 'Connection reset by peer')

2018-09-14 Thread Kartik Jayaraman 
Hello Jordan

Thanks for your response. 

The target server already has Powershell3.0, I went ahead and installed the 
hotfix and reinstalled the http and https listeners, but still isn't 
working.

The thing with TLS1.2 is that I have 2 win 2008 servers and they both have 
exact same registry settings wrt the TLS ciphers and it works fine on one 
and does not work on the other.
All Win RM commands yield same results in one of the servers and break on 
the other.

Do you have any other ideas?

Thanks
Kartik

On Thursday, September 13, 2018 at 3:58:06 PM UTC-5, Jordan Borean wrote:
>
> Hi
>
> The error you are seeing is that because the underlying HTTP stack on 
> Windows is beaking the connection and may or may not be related to WInRM 
> itself. If you are trying to connect to server 2008 then you will need 
> PowerShell v3.0 which has an issue with the memory settings. Make sure that 
> you have installed this hotfix 
> https://docs.ansible.com/ansible/latest/user_guide/windows_setup.html#winrm-memory-hotfix
> .
>
> The other issue I know that could cause this is the recent TLSv1.2 patch 
> Microsoft has released which effectively breaks compatibility. I came 
> across a bug with it and found even Microsoft products are unable to use 
> TLS v1.2 with it enabled, you can find out more details about this here 
> https://social.msdn.microsoft.com/Forums/en-US/f4b0e1d5-4a7f-4e6a-a196-a54c50849ff8/server-2008-and-tlsv12-server-issues-kb4019276?forum=winservergen.
>  
> If you have KB4019276 and have explicitly enabled the TLSv1.2 ciphers in 
> the registry then this would have to be undone before Ansible will work 
> with it.
>
> Thanks
>
> Jordan
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/edb857c5-46f1-4411-9fc2-455639e985a3%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Ansible Windows Deployment - 'Connection aborted.', error(104, 'Connection reset by peer')

2018-09-13 Thread Jordan Borean 
Hi

The error you are seeing is that because the underlying HTTP stack on 
Windows is beaking the connection and may or may not be related to WInRM 
itself. If you are trying to connect to server 2008 then you will need 
PowerShell v3.0 which has an issue with the memory settings. Make sure that 
you have installed this hotfix 
https://docs.ansible.com/ansible/latest/user_guide/windows_setup.html#winrm-memory-hotfix.

The other issue I know that could cause this is the recent TLSv1.2 patch 
Microsoft has released which effectively breaks compatibility. I came 
across a bug with it and found even Microsoft products are unable to use 
TLS v1.2 with it enabled, you can find out more details about this here 
https://social.msdn.microsoft.com/Forums/en-US/f4b0e1d5-4a7f-4e6a-a196-a54c50849ff8/server-2008-and-tlsv12-server-issues-kb4019276?forum=winservergen.
 
If you have KB4019276 and have explicitly enabled the TLSv1.2 ciphers in 
the registry then this would have to be undone before Ansible will work 
with it.

Thanks

Jordan

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/5cbeefdd-9b6e-4dca-ae25-f04f13cc1097%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Re: [Ansible windows] "kerberos: authGSSClientStep() failed: (('Unspecified GSS failure. Minor code may provide more information', 851968), ('Generic error (see e-text)', -176532

2018-08-28 Thread Jordan Borean 
arcfour is RC4 which isn't supported, problematic, and a broken encryption 
standard. You should be using at least AES, a list of encryption types in 
krb5 can be found here 
http://web.mit.edu/kerberos/krb5-1.12/doc/admin/enctypes.html#enctype-compatibility.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/a7d28a9e-c3c5-448a-85a6-6e3fe1bf6a92%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Re: [Ansible windows] "kerberos: authGSSClientStep() failed: (('Unspecified GSS failure. Minor code may provide more information', 851968), ('Generic error (see e-text)', -176532

2018-08-28 Thread Jeremie Levy 
Hello Jordan
I moved from https to http
I removed the des kerberos options:
# default_tgs_enctypes = des-cbc-crc arcfour-hmac-md5
 default_tgs_enctypes = arcfour-hmac-md5
# default_tkt_enctypes = arcfour-hmac-md5 des-cbc-crc
 default_tkt_enctypes = arcfour-hmac-md5
# preferred_preauth_types = des-cbc-crc


And here is the result of the run - i have to admit this is not helping me
much...

# KRB5_TRACE=/dev/stdout ansible-playbook playbooks/win_test.yml --limit
scststhost67.usa.company.com -


ansible-playbook 2.6.2

  config file = /ansible/scripts/ansible.cfg

  configured module search path =
[u'/usr/local/lib/python2.7/dist-packages/ara/plugins/modules']

  ansible python module location =
/usr/lib/python2.7/dist-packages/ansible

  executable location = /usr/bin/ansible-playbook

  python version = 2.7.12 (default, Dec  4 2017, 14:50:18) [GCC 5.4.0
20160609]
Using /ansible/scripts/ansible.cfg as config file

setting up inventory plugins

Parsed /ansible/scripts/inventory/windows.yml inventory source with yaml
plugin
Loading callback plugin default of type stdout, v2.0 from
/usr/lib/python2.7/dist-packages/ansible/plugins/callback/default.pyc

Loading callback plugin ara of type notification, v2.0 from
/usr/local/lib/python2.7/dist-packages/ara/plugins/callbacks/log_ara.pyc


PLAYBOOK: win_test.yml
*
1 plays in playbooks/win_test.yml



PLAY [windows]
*
META: ran handlers


Trying secret
FileVaultSecret(filename='/nfs/site/disks/home30/ansible/.ssh/ansible_vault.txt')
for vault_id=default

TASK [Simple Ping]
*
task path: /ansible/scripts/playbooks/win_test.yml:5

Using module file
/usr/lib/python2.7/dist-packages/ansible/modules/windows/win_ping.ps1

 ESTABLISH WINRM CONNECTION FOR USER:
usa_ansi...@usa.company.com on PORT 5986 TO scststhost67.usa.company.com

checking if winrm_host scststhost67.usa.company.com is an IPv6 address


calling kinit with pexpect for principal usa_ansi...@usa.company.com


[5574] 1535488714.966934: Retrieving usa_ansi...@usa.company.com from
FILE:/etc/krb5/user/30254/client.keytab (vno 0, enctype 0) with result:
2/Key table file '/etc/krb5/user/30254/client.keytab' not found


[5574] 1535488714.967925: Retrieving usa_ansi...@usa.company.com from
FILE:/etc/krb5/user/30254/client.keytab (vno 0, enctype 0) with result:
2/Key table file '/etc/krb5/user/30254/client.keytab' not found


[5574] 1535488714.968917: Retrieving usa_ansi...@usa.company.com from
FILE:/etc/krb5/user/30254/client.keytab (vno 0, enctype 0) with result:
2/Key table file '/etc/krb5/user/30254/client.keytab' not found


[5574] 1535488714.969845: Retrieving usa_ansi...@usa.company.com from
FILE:/etc/krb5/user/30254/client.keytab (vno 0, enctype 0) with result:
2/Key table file '/etc/krb5/user/30254/client.keytab' not found


[5574] 1535488714.970790: Retrieving usa_ansi...@usa.company.com from
FILE:/etc/krb5/user/30254/client.keytab (vno 0, enctype 0) with result:
2/Key table file '/etc/krb5/user/30254/client.keytab' not found


[5574] 1535488714.974593: Retrieving usa_ansi...@usa.company.com from
FILE:/etc/krb5/user/30254/client.keytab (vno 0, enctype 0) with result:
2/Key table file '/etc/krb5/user/30254/client.keytab' not found


[5574] 1535488714.975957: Retrieving usa_ansi...@usa.company.com from
FILE:/etc/krb5/user/30254/client.keytab (vno 0, enctype 0) with result:
2/Key table file '/etc/krb5/user/30254/client.keytab' not found


[5574] 1535488714.976891: Retrieving usa_ansi...@usa.company.com from
FILE:/etc/krb5/user/30254/client.keytab (vno 0, enctype 0) with result:
2/Key table file '/etc/krb5/user/30254/client.keytab' not found


[5574] 1535488714.979603: Getting credentials usa_ansi...@usa.company.com
-> HTTP/scststhost67.usa.company@usa.company.com using ccache
FILE:/tmp/tmpa0pCw0


[5574] 1535488714.979722: Retrieving usa_ansi...@usa.company.com -> HTTP/
scststhost67.usa.company@usa.company.com from FILE:/tmp/tmpa0pCw0 with
result: -1765328243/Matching credential not found


[5574] 1535488714.979790: Retrieving usa_ansi...@usa.company.com -> krbtgt/
usa.company@usa.company.com from FILE:/tmp/tmpa0pCw0 with result:
0/Success


[5574] 1535488714.979801: Starting with TGT for client realm:
usa_ansi...@usa.company.com -> krbtgt/usa.company@usa.company.com

[5574] 1535488714.979809: Requesting tickets for HTTP/
scststhost67.usa.company@usa.company.com, referrals on

[5574] 1535488714.979835: Generated subkey for TGS request: rc4-hmac/DA64


[5574] 1535488714.979855: etypes requested in TGS request: rc4-hmac


[5574] 1535488714.979986: Encoding request body and padata into FAST

[ansible-project] Re: [Ansible windows] "kerberos: authGSSClientStep() failed: (('Unspecified GSS failure. Minor code may provide more information', 851968), ('Generic error (see e-text)', -1765328

2018-08-27 Thread Jordan Borean 
Because you are running over https, message encryption is not being run so 
that post you linked to is technically unrelated. In saying that, I have no 
idea about your environment setup, but RC4 and DES are effectively broken 
and you should avoid using in any case. Unless you have set that on purpose 
you shouldn't be allowing weak cryptos.

To try and find out what exactly is failing can you run Ansible with 
KRB5_TRACE=/dev/stdout set, e.g. '*KRB5_TRACE=/dev/stdout ansible-playbook 
agent.yml --limit *'. This will make gssapi on that host sent the logs 
to stdout hopefully giving you a better error.

Thanks

Jordan

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/5d092aa8-70d1-4345-abe8-5516b4dfba61%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: [Ansible windows] "kerberos: authGSSClientStep() failed: (('Unspecified GSS failure. Minor code may provide more information', 851968), ('Generic error (see e-text)', -1765328

2018-08-27 Thread Jeremie Levy 
Using an USA domain user instead of a EUR domain user move me to another 
issue

*"kerberos: Bad HTTP response returned from server. Code 400"*
I found out this question here 
: https://groups.google.com/forum/#!topic/ansible-project/WJbhN3VYMmI but 
nothing could help me.

I have to say, my first choice would be to use the same user eventually.

Thanks

Jordan / Jon ? :)

On Monday, August 27, 2018 at 9:51:54 AM UTC+3, Jeremie Levy wrote:
>
> Hi
> In my company we have a forest with multiple domains, EUR / USA ...
> I can work without any issue with my domain (EUR) with a EUR user
>
> Now i'm trying to access a USA server with and got the following failure:
>
> # ansible-playbook agent.yml --limit tsthost67.usa.company.com -
> ansible-playbook 2.6.2
>   config file = /ansible/scripts/ansible.cfg
>   configured module search path = 
> [u'/usr/local/lib/python2.7/dist-packages/ara/plugins/modules']
>   ansible python module location = /usr/lib/python2.7/dist-packages/ansible
>   executable location = /usr/bin/ansible-playbook
>   python version = 2.7.12 (default, Dec  4 2017, 14:50:18) [GCC 5.4.0 
> 20160609]
> Using /ansible/scripts/ansible.cfg as config file
> setting up inventory plugins
> Parsed /ansible/scripts/inventory/windows.yml inventory source with yaml 
> plugin
> Loading callback plugin default of type stdout, v2.0 from 
> /usr/lib/python2.7/dist-packages/ansible/plugins/callback/default.pyc
> Loading callback plugin ara of type notification, v2.0 from 
> /usr/local/lib/python2.7/dist-packages/ara/plugins/callbacks/log_ara.pyc
>
> PLAYBOOK: agent.yml 
> *
> 1 plays in agent.yml
>
> PLAY [fw] 
> *
> Trying secret 
> FileVaultSecret(filename='/nfs/site/disks/home30/ansible/.ssh/ansible_vault.txt')
>  
> for vault_id=default
>
> TASK [Gathering Facts] 
> 
> task path: /ansible/scripts/agent.yml:2
> Using module file 
> /usr/lib/python2.7/dist-packages/ansible/modules/windows/setup.ps1
>  ESTABLISH WINRM CONNECTION FOR USER: 
> ansi...@eur.company.com on PORT 5986 TO tsthost67.usa.company.com
> checking if winrm_host tsthost67.usa.company.com is an IPv6 address
> calling kinit with pexpect for principal ansi...@eur.company.com
> fatal: [tsthost67.usa.company.com]: UNREACHABLE! => {
> "changed": false,
> *"msg": "kerberos: authGSSClientStep() failed: (('Unspecified GSS 
> failure.  Minor code may provide more information', 851968), ('Generic 
> error (see e-text)', -1765328324))",*
> "unreachable": true
> }
> to retry, use: --limit @/ansible/scripts/qb-agent-fw.retry
>
> PLAY RECAP 
> 
> tsthost67.usa.company.com : ok=0changed=0unreachable=1failed=0
>
>
>
> my kerberos file:
>
> # cat /etc/krb5.conf  
> 
> 
>  
> [libdefaults]
>  default_realm = EUR.COMPANY.COM  
>   
>  ticket_lifetime = 36000  
>  
>  renew_lifetime = 2592000  
> 
>  default_keytab_name = /etc/krb5.keytab
> 
>  forwardable = true
> 
>  allow_weak_crypto = true  
> 
>  dns_lookup_realm = false

[ansible-project] Re: Ansible windows patch trouble: Need help for Win Patch Automation using Ansible

2018-05-25 Thread ansible4windows 
I know I had enabled winrm on the machine 206, thats the reason it pinged 
back.
I know winrm service is running on other machines but I believe i will have 
to change execution policy and run the ConfigureRemotingForAnsible.ps1 on 
each of them to enable it to listen for remoting.
Is there a way I can run the ps1 at once on all the hosts at once?
Ansible will do but for that to happen I think winrm need to be configured.
Is this approach correct? 


On Friday, May 25, 2018 at 1:47:52 PM UTC-7, Mike Fennemore wrote:
>
> Ok that makes it clearer. I also work with multiple Windows domains, with 
> a single CentOS control node. For your use case ntlm would work as Kerberos 
> adds extra config and also has its own issues. 

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/06c87439-d574-42e1-ba20-4c54ae895450%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Ansible windows patch trouble: Need help for Win Patch Automation using Ansible

2018-05-25 Thread Mike Fennemore 
Ok that makes it clearer. I also work with multiple Windows domains, with a 
single CentOS control node. For your use case ntlm would work as Kerberos adds 
extra config and also has its own issues. 

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/ccbf4193-5d8b-4c86-b578-2ef3129d14af%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Ansible windows patch trouble: Need help for Win Patch Automation using Ansible

2018-05-25 Thread ansible4windows 
To revise what I am trying is:
I am working in an environment where there are 5 domains that run Windows 
and Linux systems.
The network operators spend weeks and months patching these windows and 
linux system an it is a pain.
I want to automate this patching task.

Refering Ansible for Windows document.
I believe if I can successfully ping the windows machine i will definitely 
be able to make my playbook do the rest of the magic.
But here I am stuck at root.

I am having my ansible machine in one domain and the windows hosts that I 
am trying on are in other domain(test env for me).
If i success here, I can definitely then be able to move in staging and 
production. 

Given this background I am seeking help and looking to automate this 
painful task that is outdated and get ansible take care.

On Friday, May 25, 2018 at 1:29:12 PM UTC-7, ansible...@gmail.com wrote:
>
> Some success here. 
> As per Mike suggested I made changed the vars.
> Hosts vars as below:
>  [win:vars]
> ansible_user: ansible.dep...@abc.lcl
> ansible_password: xxx
> ansible_connection=winrm
> ansible_winrm_transport: ntlm
> ansible_winrm_server_cert_validation: ignore
>
> *Output:*
> vabcs012.aritst.lcl | UNREACHABLE! => {
> "changed": false,
> "msg": "ntlm: HTTPSConnectionPool(host='10.12.12.12', port=5986): Max 
> retries exceeded with url: /wsman (Caused by 
> NewConnectionError(' 0x7f726abd0250>: Failed to establish a new connection: [Errno 111] 
> Connection refused',))",
> "unreachable": true
> }
> VATCS206.ARITST.LCL | SUCCESS => {
> "changed": false,
> "ping": "pong"
> }
>
> *With Kerberos:*
> *Following output:*
>
> RobotWindowsSer | UNREACHABLE! => {
> "changed": false,
> "msg": "Kerberos auth failure: kinit: Client 
> 'ansible.dep...@aritst.lcl' not found in Kerberos database while getting 
> initial credentials",
> "unreachable": true
> }
> VATCS028.ARITST.LCL | UNREACHABLE! => {
> "changed": false,
> "msg": "Kerberos auth failure: kinit: KDC reply did not match 
> expectations while getting initial credentials",
> "unreachable": true
> }
> VATCS206.ARITST.LCL | UNREACHABLE! => {
> "changed": false,
> "msg": "Kerberos auth failure: kinit: Client 
> 'ansible.dep...@aritst.lcl' not found in Kerberos database while getting 
> initial credentials",
> "unreachable": true
> }
> vabcs012.aritst.lcl | UNREACHABLE! => {
> "changed": false,
> "msg": "Kerberos auth failure: kinit: KDC reply did not match 
> expectations while getting initial credentials",
> "unreachable": true
> }
> VATCS029.ARITST.LCL | UNREACHABLE! => {
> "changed": false,
> "msg": "Kerberos auth failure: kinit: KDC reply did not match 
> expectations while getting initial credentials",
> "unreachable": true
> }
>
>
> On Friday, May 25, 2018 at 1:15:06 PM UTC-7, Jordan Borean wrote:
>>
>> plaintext: the specified credentials were rejected by the server
>>
>>
>> You are running over HTTP with Basic auth which doesn't work by default. 
>> I recommend you using a HTTPS listener or use an auth setup that supports 
>> message encryption over HTTP like NTLM/Kerberos/CredSSP.
>>
>> plaintext: HTTPConnectionPool(host='10.12.12.12', port=5985): Max retries 
>>> exceeded with url: /wsman (Caused by 
>>> NewConnectionError('>> 0x7f02859474d0>: Failed  to establish a new connection: [Errno 111] 
>>> Connection refused',))",
>>>
>>
>> Usually means there's a firewall blocking this port, make sure Windows 
>> Firewall (or anything else in between) is not blocking it
>>
>> kerberos: the python kerberos library is not installed
>>>
>>
>> The kerb dependencies are not installed by default as it requires a few 
>> system packages, to install run
>>
>> # install the required System packages for requests-kerberos
>> sudo yum install gcc python-devel krb5-devel krb5-workstation python-devel
>>
>> # install the requests-kerberos library
>> pip install pywinrm[kerberos]
>>
>>
>> If I should do a new ansible server setup on a CentOS and try working 
>>> from start?
>>>
>>
>> Depends on what you need to do, I recommend you push through and get your 
>> basic setup done and working. Once it is, make sure you documented your 
>> steps on what you did to get to that point and start to automate the steps. 
>> Once you have a way to running a script (be it through Ansible or something 
>> else), you can easily bring down and recreate your control host easily. 
>> First you need to set things up correctly and understand the various 
>> components first.
>>
>> Thanks
>>
>> Jordan
>>
>
> On Friday, May 25, 2018 at 1:15:06 PM UTC-7, Jordan Borean wrote:
>>
>> plaintext: the specified credentials were rejected by the server
>>
>>
>> You are running over HTTP with Basic auth which doesn't work by default. 
>> I recommend you using a HTTPS listener or use an auth setup that supports 
>> message encryption over HTTP like NTLM/Kerberos/CredSSP.
>>
>> plaintext: HTTPConnectionPool(host='10.12.12.12', port=5985):

[ansible-project] Re: Ansible windows patch trouble: Need help for Win Patch Automation using Ansible

2018-05-25 Thread ansible4windows 
Some success here. 
As per Mike suggested I made changed the vars.
Hosts vars as below:
 [win:vars]
ansible_user: ansible.dep...@abc.lcl
ansible_password: xxx
ansible_connection=winrm
ansible_winrm_transport: ntlm
ansible_winrm_server_cert_validation: ignore

*Output:*
vabcs012.aritst.lcl | UNREACHABLE! => {
"changed": false,
"msg": "ntlm: HTTPSConnectionPool(host='10.12.12.12', port=5986): Max 
retries exceeded with url: /wsman (Caused by 
NewConnectionError(': Failed to establish a new connection: [Errno 111] 
Connection refused',))",
"unreachable": true
}
VATCS206.ARITST.LCL | SUCCESS => {
"changed": false,
"ping": "pong"
}

*With Kerberos:*
*Following output:*

RobotWindowsSer | UNREACHABLE! => {
"changed": false,
"msg": "Kerberos auth failure: kinit: Client 
'ansible.dep...@aritst.lcl' not found in Kerberos database while getting 
initial credentials",
"unreachable": true
}
VATCS028.ARITST.LCL | UNREACHABLE! => {
"changed": false,
"msg": "Kerberos auth failure: kinit: KDC reply did not match 
expectations while getting initial credentials",
"unreachable": true
}
VATCS206.ARITST.LCL | UNREACHABLE! => {
"changed": false,
"msg": "Kerberos auth failure: kinit: Client 
'ansible.dep...@aritst.lcl' not found in Kerberos database while getting 
initial credentials",
"unreachable": true
}
vabcs012.aritst.lcl | UNREACHABLE! => {
"changed": false,
"msg": "Kerberos auth failure: kinit: KDC reply did not match 
expectations while getting initial credentials",
"unreachable": true
}
VATCS029.ARITST.LCL | UNREACHABLE! => {
"changed": false,
"msg": "Kerberos auth failure: kinit: KDC reply did not match 
expectations while getting initial credentials",
"unreachable": true
}


On Friday, May 25, 2018 at 1:15:06 PM UTC-7, Jordan Borean wrote:
>
> plaintext: the specified credentials were rejected by the server
>
>
> You are running over HTTP with Basic auth which doesn't work by default. I 
> recommend you using a HTTPS listener or use an auth setup that supports 
> message encryption over HTTP like NTLM/Kerberos/CredSSP.
>
> plaintext: HTTPConnectionPool(host='10.12.12.12', port=5985): Max retries 
>> exceeded with url: /wsman (Caused by 
>> NewConnectionError('> 0x7f02859474d0>: Failed  to establish a new connection: [Errno 111] 
>> Connection refused',))",
>>
>
> Usually means there's a firewall blocking this port, make sure Windows 
> Firewall (or anything else in between) is not blocking it
>
> kerberos: the python kerberos library is not installed
>>
>
> The kerb dependencies are not installed by default as it requires a few 
> system packages, to install run
>
> # install the required System packages for requests-kerberos
> sudo yum install gcc python-devel krb5-devel krb5-workstation python-devel
>
> # install the requests-kerberos library
> pip install pywinrm[kerberos]
>
>
> If I should do a new ansible server setup on a CentOS and try working from 
>> start?
>>
>
> Depends on what you need to do, I recommend you push through and get your 
> basic setup done and working. Once it is, make sure you documented your 
> steps on what you did to get to that point and start to automate the steps. 
> Once you have a way to running a script (be it through Ansible or something 
> else), you can easily bring down and recreate your control host easily. 
> First you need to set things up correctly and understand the various 
> components first.
>
> Thanks
>
> Jordan
>

On Friday, May 25, 2018 at 1:15:06 PM UTC-7, Jordan Borean wrote:
>
> plaintext: the specified credentials were rejected by the server
>
>
> You are running over HTTP with Basic auth which doesn't work by default. I 
> recommend you using a HTTPS listener or use an auth setup that supports 
> message encryption over HTTP like NTLM/Kerberos/CredSSP.
>
> plaintext: HTTPConnectionPool(host='10.12.12.12', port=5985): Max retries 
>> exceeded with url: /wsman (Caused by 
>> NewConnectionError('> 0x7f02859474d0>: Failed  to establish a new connection: [Errno 111] 
>> Connection refused',))",
>>
>
> Usually means there's a firewall blocking this port, make sure Windows 
> Firewall (or anything else in between) is not blocking it
>
> kerberos: the python kerberos library is not installed
>>
>
> The kerb dependencies are not installed by default as it requires a few 
> system packages, to install run
>
> # install the required System packages for requests-kerberos
> sudo yum install gcc python-devel krb5-devel krb5-workstation python-devel
>
> # install the requests-kerberos library
> pip install pywinrm[kerberos]
>
>
> If I should do a new ansible server setup on a CentOS and try working from 
>> start?
>>
>
> Depends on what you need to do, I recommend you push through and get your 
> basic setup done and working. Once it is, make sure you documented your 
> steps on what you did to get to that point and start to automate the steps. 
> Once you have a way to running a script (be

[ansible-project] Re: Ansible windows patch trouble: Need help for Win Patch Automation using Ansible

2018-05-25 Thread Jordan Borean 

>
> plaintext: the specified credentials were rejected by the server


You are running over HTTP with Basic auth which doesn't work by default. I 
recommend you using a HTTPS listener or use an auth setup that supports 
message encryption over HTTP like NTLM/Kerberos/CredSSP.

plaintext: HTTPConnectionPool(host='10.12.12.12', port=5985): Max retries 
> exceeded with url: /wsman (Caused by 
> NewConnectionError(' 0x7f02859474d0>: Failed  to establish a new connection: [Errno 111] 
> Connection refused',))",
>

Usually means there's a firewall blocking this port, make sure Windows 
Firewall (or anything else in between) is not blocking it

kerberos: the python kerberos library is not installed
>

The kerb dependencies are not installed by default as it requires a few 
system packages, to install run

# install the required System packages for requests-kerberos
sudo yum install gcc python-devel krb5-devel krb5-workstation python-devel

# install the requests-kerberos library
pip install pywinrm[kerberos]


If I should do a new ansible server setup on a CentOS and try working from 
> start?
>

Depends on what you need to do, I recommend you push through and get your 
basic setup done and working. Once it is, make sure you documented your 
steps on what you did to get to that point and start to automate the steps. 
Once you have a way to running a script (be it through Ansible or something 
else), you can easily bring down and recreate your control host easily. 
First you need to set things up correctly and understand the various 
components first.

Thanks

Jordan

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/63138e17-137d-4790-9ce5-27239922785a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Ansible windows patch trouble: Need help for Win Patch Automation using Ansible

2018-05-25 Thread Mike Fennemore 
http://docs.ansible.com/ansible/latest/user_guide/windows_winrm.html .

What does the entry in the hosts inventory look like? kerberos is generally 
used when you are using a domain account and need second hop capabilities.

The example below uses NTLM which is older but does also work quite well.
 [win:vars]
ansible_user: ansible.dep...@abc.lcl
ansible_password: xxx
ansible_connection=winrm
ansible_winrm_transport: ntlm
ansible_winrm_server_cert_validation: ignore

If you want to use Kerberos then you will need the packages:

yum -y install python-devel krb5-devel krb5-libs krb5-workstation



On Friday, May 25, 2018 at 9:57:57 PM UTC+2, ansible...@gmail.com wrote:
>
> Now I am getting new error:
> My first error was:
> VATCS028.ARITST.LCL | UNREACHABLE! => {
> "changed": false,
> "msg": "plaintext: the specified credentials were rejected by the 
> server",
> "unreachable": true
> }
> vabcs012.aritst.lcl | UNREACHABLE! => {
> "changed": false,
> "msg": "plaintext: HTTPConnectionPool(host='10.12.12.12', port=5985): 
> Max retries exceeded with url: /wsman (Caused by 
> NewConnectionError(' 0x7f02859474d0>: Failed  to establish a new connection: [Errno 111] 
> Connection refused',))",
>
> After which I added a line (noticing that I had forgot to mention that in 
> my vars) in hosts vars:
>
> ansible_winrm_transport: Kerberos
>
>
> and now I have this error:
>
> VATCS029.ARITST.LCL | UNREACHABLE! => {
>
> "changed": false,
>
> "msg": "kerberos: the python kerberos library is not installed",
>
> "unreachable": true
>
> Bare with me, I need to resolve this. Its been a month I am trying to fix 
> these thing.
> Also I want to ask, if I should do a new ansible server setup on a CentOS 
> and try working from start?
>
> On Friday, May 25, 2018 at 12:27:19 PM UTC-7, Jordan Borean wrote:
>>
>> When using an ini inventory you have to define cars like key=value not 
>> key: value. Change all your vars to that format and the inventory will be 
>> parsable.
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/dde0a3a0-8f06-4492-b3a1-87bc3f102f37%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Ansible windows patch trouble: Need help for Win Patch Automation using Ansible

2018-05-25 Thread ansible4windows 
Now I am getting new error:
My first error was:
VATCS028.ARITST.LCL | UNREACHABLE! => {
"changed": false,
"msg": "plaintext: the specified credentials were rejected by the 
server",
"unreachable": true
}
vabcs012.aritst.lcl | UNREACHABLE! => {
"changed": false,
"msg": "plaintext: HTTPConnectionPool(host='10.12.12.12', port=5985): 
Max retries exceeded with url: /wsman (Caused by 
NewConnectionError(': Failed  to establish a new connection: [Errno 111] 
Connection refused',))",

After which I added a line (noticing that I had forgot to mention that in 
my vars) in hosts vars:

ansible_winrm_transport: Kerberos


and now I have this error:

VATCS029.ARITST.LCL | UNREACHABLE! => {

"changed": false,

"msg": "kerberos: the python kerberos library is not installed",

"unreachable": true

Bare with me, I need to resolve this. Its been a month I am trying to fix 
these thing.
Also I want to ask, if I should do a new ansible server setup on a CentOS 
and try working from start?

On Friday, May 25, 2018 at 12:27:19 PM UTC-7, Jordan Borean wrote:
>
> When using an ini inventory you have to define cars like key=value not 
> key: value. Change all your vars to that format and the inventory will be 
> parsable.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/8131500c-3af5-4b77-9b41-e74d7ecde0e6%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Ansible windows patch trouble: Need help for Win Patch Automation using Ansible

2018-05-25 Thread Jordan Borean 
When using an ini inventory you have to define cars like key=value not key: 
value. Change all your vars to that format and the inventory will be parsable.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/b2533795-7358-4eb2-bd28-9fe9fceac0d3%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Ansible windows patch trouble: Need help for Win Patch Automation using Ansible

2018-05-25 Thread ansible4windows 
Update:
Further I went ahead and created a hosts file in my "ansible-virtualenv" 
and passed the path in the global ansible.cfg file.
Ran the following command in virtualenv and now I have following issue

*ansible win -i hosts -m win_ping*
 [WARNING]:  * Failed to parse 
/root/ansible-virtualenvs/ansible-virtualenv/playbook/hosts with yaml 
plugin: Syntax
Error while loading YAML.   expected '', but found 
''  The error appears to have been in
'/root/ansible-virtualenvs/ansible-virtualenv/playbook/hosts': line 4, 
column 1, but may be elsewhere in the file
depending on the exact syntax problem.  The offending line appears to be:  
[win] abc012.abctst.lcl
ansible_host=10.12.12.12 ^ here

 [WARNING]:  * Failed to parse 
/root/ansible-virtualenvs/ansible-virtualenv/playbook/hosts with ini 
plugin: /root
/ansible-virtualenvs/ansible-virtualenv/playbook/hosts:11: Expected 
key=value, got: ansible_user:
ansible.dep...@abctst.lcl

 [WARNING]: Unable to parse 
/root/ansible-virtualenvs/ansible-virtualenv/playbook/hosts as an inventory 
source

 [WARNING]: No inventory was parsed, only implicit localhost is available

 [WARNING]: provided hosts list is empty, only localhost is available. Note 
that the implicit localhost does not
match 'all'

abc012.ARITST.LCL | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: ssh: connect to host 
10.12.12.206 port 22: Connection refused\r\n",
"unreachable": true

I have mentioned in my hosts file created in "ansible-virtualenv" follwoing 
vars:

 [win:vars]
ansible_user: ansible.dep...@abc.lcl
ansible_password: xxx
ansible_port=5985
ansible_connection=winrm
ansible_winrm_server_cert_validation: ignore

Why is it still trying to use port 22?

On Friday, May 25, 2018 at 11:01:36 AM UTC-7, ansible...@gmail.com wrote:
>
> Hi Jordan,
> Assist me further as I am not able to find content relating to my problem.
>
> I installed a virtualenv.
> Did:
>
>- 
>- 
>- Package   Version
>- - -
>- ansible   2.5.3  
>(/root/ansible-virtualenvs/ansible-virtualenv/bin/ansible)
>- asn1crypto0.24.0
>- bcrypt3.1.4
>- certifi   2018.4.16
>- cffi  1.11.5
>- chardet   3.0.4
>- cryptography  2.2.2
>- enum341.1.6
>- idna  2.6
>- ipaddress 1.0.22
>- Jinja22.10
>- MarkupSafe1.0
>- ntlm-auth 1.1.0
>- paramiko  2.4.1
>- pip   10.0.1
>- pyasn10.4.3
>- pycparser 2.18
>- PyNaCl1.2.1
>- pywinrm   0.3.0
>- PyYAML3.12
>- requests  2.18.4
>- requests-ntlm 1.1.0
>- setuptools39.2.0
>- six   1.11.0
>- urllib3   1.22
>- wheel 0.31.1
>- xmltodict 0.11.0
>
> Now what I am not able to understand is:
> 1. How should I try win_ping here?
> 2. Will it take my hosts file from etc/ansible/hosts?
>
> I tried following command:
> ansible all -m win_ping
>  
> [WARNING]:  * Failed to parse /etc/ansible/hosts with yaml plugin: Syntax 
> Error while loading YAML.   expected
> '', but found ''  The error appears to have been 
> in '/etc/ansible/hosts': line 5, column 1,
> but may be elsewhere in the file depending on the exact syntax problem.  
> The offending line appears to be:
> #RobotWindowsSer ansible_host=10.7.7.199 VATCS028.ARITST.LCL 
> ansible_host=10.12.12.28 ^ here
>
>  [WARNING]:  * Failed to parse /etc/ansible/hosts with ini plugin: 
> /etc/ansible/hosts:14: Expected key=value, got:
> ansible_winrm_server_cert_validation: ignore
>
>  [WARNING]: Unable to parse /etc/ansible/hosts as an inventory source
>
>  [WARNING]: No inventory was parsed, only implicit localhost is available
>
>  [WARNING]: provided hosts list is empty, only localhost is available. 
> Note that the implicit localhost does not
> match 'all'
>
> What is happening now?
>
>
> On Thursday, May 24, 2018 at 3:20:24 PM UTC-7, Jordan Borean wrote:
>>
>> There is a conflict between a system package and pip trying to install 
>> another package which in Pip 10 it doesn't handle properly. You can do 
>> either of the following
>>
>>- Use a virtualenv and run Ansible from there 
>>
>> https://stackoverflow.com/questions/49916736/how-to-properly-handle-conflicting-distutils-libraries-with-pip
>>- Install the packages for just the user "pip install pywinrm --user"
>>- Skip the install of requests and continue to use the distuil 
>>packaged version "pip install pywinrm --ignore-installed"
>>
>> That's what I would recommend you try
>>
>> Thanks
>>
>> Jordan
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit

[ansible-project] Re: Ansible windows patch trouble: Need help for Win Patch Automation using Ansible

2018-05-25 Thread Mike Fennemore 
There seems to a problem in the formatting of your hosts inventory file.
I would recommend reading through 
http://docs.ansible.com/ansible/latest/user_guide/intro_inventory.html .

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/ef9b17d6-d487-405c-a8cf-7816fddf6a00%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Ansible windows patch trouble: Need help for Win Patch Automation using Ansible

2018-05-25 Thread ansible4windows 
Hi Jordan,
Assist me further as I am not able to find content relating to my problem.

I installed a virtualenv.
Did:

   - 
   - 
   - Package   Version
   - - -
   - ansible   2.5.3  
   (/root/ansible-virtualenvs/ansible-virtualenv/bin/ansible)
   - asn1crypto0.24.0
   - bcrypt3.1.4
   - certifi   2018.4.16
   - cffi  1.11.5
   - chardet   3.0.4
   - cryptography  2.2.2
   - enum341.1.6
   - idna  2.6
   - ipaddress 1.0.22
   - Jinja22.10
   - MarkupSafe1.0
   - ntlm-auth 1.1.0
   - paramiko  2.4.1
   - pip   10.0.1
   - pyasn10.4.3
   - pycparser 2.18
   - PyNaCl1.2.1
   - pywinrm   0.3.0
   - PyYAML3.12
   - requests  2.18.4
   - requests-ntlm 1.1.0
   - setuptools39.2.0
   - six   1.11.0
   - urllib3   1.22
   - wheel 0.31.1
   - xmltodict 0.11.0

Now what I am not able to understand is:
1. How should I try win_ping here?
2. Will it take my hosts file from etc/ansible/hosts?

I tried following command:
ansible all -m win_ping
 
[WARNING]:  * Failed to parse /etc/ansible/hosts with yaml plugin: Syntax 
Error while loading YAML.   expected
'', but found ''  The error appears to have been in 
'/etc/ansible/hosts': line 5, column 1,
but may be elsewhere in the file depending on the exact syntax problem.  
The offending line appears to be:
#RobotWindowsSer ansible_host=10.7.7.199 VATCS028.ARITST.LCL 
ansible_host=10.12.12.28 ^ here

 [WARNING]:  * Failed to parse /etc/ansible/hosts with ini plugin: 
/etc/ansible/hosts:14: Expected key=value, got:
ansible_winrm_server_cert_validation: ignore

 [WARNING]: Unable to parse /etc/ansible/hosts as an inventory source

 [WARNING]: No inventory was parsed, only implicit localhost is available

 [WARNING]: provided hosts list is empty, only localhost is available. Note 
that the implicit localhost does not
match 'all'

What is happening now?


On Thursday, May 24, 2018 at 3:20:24 PM UTC-7, Jordan Borean wrote:
>
> There is a conflict between a system package and pip trying to install 
> another package which in Pip 10 it doesn't handle properly. You can do 
> either of the following
>
>- Use a virtualenv and run Ansible from there 
>
> https://stackoverflow.com/questions/49916736/how-to-properly-handle-conflicting-distutils-libraries-with-pip
>- Install the packages for just the user "pip install pywinrm --user"
>- Skip the install of requests and continue to use the distuil 
>packaged version "pip install pywinrm --ignore-installed"
>
> That's what I would recommend you try
>
> Thanks
>
> Jordan
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/70393472-d927-4f9c-8cc1-fd62d206262b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Re: Ansible windows patch trouble: Need help for Win Patch Automation using Ansible

2018-05-24 Thread Kanhaiya Ashtekar 
I have installed and created Virtualenv.
Installed pywinrm and this time with no errors.
I will get back over this to report how things worked ahead later.
I feel blessed reaching out here!


On Thu, May 24, 2018 at 3:20 PM Jordan Borean  wrote:

> There is a conflict between a system package and pip trying to install
> another package which in Pip 10 it doesn't handle properly. You can do
> either of the following
>
>- Use a virtualenv and run Ansible from there
>
> https://stackoverflow.com/questions/49916736/how-to-properly-handle-conflicting-distutils-libraries-with-pip
>- Install the packages for just the user "pip install pywinrm --user"
>- Skip the install of requests and continue to use the distuil
>packaged version "pip install pywinrm --ignore-installed"
>
> That's what I would recommend you try
>
> Thanks
>
> Jordan
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/17490ede-03b5-4951-82cb-01cc5eded027%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAHmTTEu3BGVqtkwY5LtUwnem5%3D161PNP5juAyr-2zo_BKK5mQw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Ansible windows patch trouble: Need help for Win Patch Automation using Ansible

2018-05-24 Thread Jordan Borean 
There is a conflict between a system package and pip trying to install 
another package which in Pip 10 it doesn't handle properly. You can do 
either of the following

   - Use a virtualenv and run Ansible from there 
   
https://stackoverflow.com/questions/49916736/how-to-properly-handle-conflicting-distutils-libraries-with-pip
   - Install the packages for just the user "pip install pywinrm --user"
   - Skip the install of requests and continue to use the distuil packaged 
   version "pip install pywinrm --ignore-installed"

That's what I would recommend you try

Thanks

Jordan

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/17490ede-03b5-4951-82cb-01cc5eded027%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Ansible windows patch trouble: Need help for Win Patch Automation using Ansible

2018-05-24 Thread ansible4windows 
after i ran the "pip install pywinrm" i am getting following error:

Installing collected packages: requests, ntlm-auth, pycparser, cffi, 
enum34, asn1crypto, cryptography, requests-ntlm, pywinrm
  Found existing installation: requests 2.6.0
Cannot uninstall 'requests'. It is a distutils installed project and thus 
we cannot accurately determine which files belong to it which would lead
to only a partial uninstall.



On Thursday, May 24, 2018 at 2:32:31 PM UTC-7, Jordan Borean wrote:
>
> pywinrm is not installed on the controller, run "pip install pywinrm" on 
> the Ansible host to install that.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/15d8eb6f-8b19-4ff5-a5be-72c7e3e093e9%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Ansible windows patch trouble: Need help for Win Patch Automation using Ansible

2018-05-24 Thread Jordan Borean 
pywinrm is not installed on the controller, run "pip install pywinrm" on 
the Ansible host to install that.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/8bf0fe58-ee7d-45c7-9895-c50d02f9b8f8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Ansible windows patch trouble: Need help for Win Patch Automation using Ansible

2018-05-24 Thread ansible4windows 

   
   - Removed ansible_connection = local
   - Corrected to ansible_port=5985

Following error occured
abc012.abctst.lcl | FAILED! => {
"msg": "winrm or requests is not installed: No module named winrm"
}

But if i check on windows machine (abc012.abctst.lcl) run command "winrm 
quickconfig"
Output:
WinRM service is already running on this machine.
WinRM is already set up for remote management on this computer.

whats wrong now? :(

On Thursday, May 24, 2018 at 1:32:21 PM UTC-7, Jordan Borean wrote:
>
> Hey
>
> Here are some brief notes
>
>
>- Your host inventory defined ansible_connection twice, once as 
>ansible_connection=local and the other as ansible_connection=winrm. Use 
>local if you want to run things on the Ansible controller and use winrm 
>when you want to run something on the WIndows host
>- Use ansible_port instead of ansible_ssh_port
>- When connecting to WIndows hosts use win_ module, like win_ping 
>instead of ping
>- Your error is because you are trying to run win_ping over the local 
>connection where PowerShell isn't installed
>
> Thanks
>
> Jordan
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/0371610f-76ab-4925-bae2-8f96037d62a0%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Ansible windows patch trouble: Need help for Win Patch Automation using Ansible

2018-05-24 Thread Jordan Borean 
Hey

Here are some brief notes


   - Your host inventory defined ansible_connection twice, once as 
   ansible_connection=local and the other as ansible_connection=winrm. Use 
   local if you want to run things on the Ansible controller and use winrm 
   when you want to run something on the WIndows host
   - Use ansible_port instead of ansible_ssh_port
   - When connecting to WIndows hosts use win_ module, like win_ping 
   instead of ping
   - Your error is because you are trying to run win_ping over the local 
   connection where PowerShell isn't installed

Thanks

Jordan

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/926b8dfd-ad8d-4b0e-90ce-7ad50149783e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Ansible windows patch trouble: Need help for Win Patch Automation using Ansible

2018-05-24 Thread ansible4windows 
Any help on this post please.






On Thursday, May 24, 2018 at 11:03:24 AM UTC-7, ansible...@gmail.com wrote:
>
> Hello, I am facing some problems in setting up patch automation in my 
> organization.
> For a quick walk through: We have 5 domains for the purpose of Production, 
> Staging, Testing and Application.
> I am working on machines in Test domain that has windows machines.
> I have my Ansible server setup in UAT(staging) domain.
>
> Ansible Jumpstation: RHEL 6 (64 bit)
> Windows Hosts: Windows Server 2012 R2, 2008 R2.
>
> Power Shell version 3.0
>
>  
>
>
> I have used following reference sources:
> Setting up a Windows Host 
>  
>
> Unable to run ConfigureRemotingForAnsible.ps1 
> 
>  on windows hosts. The Power Shell window closes after some execution.
>
> Checked services on machine: winrm service running.
>
> According to Sys. Admin: Ansible machine has no firewall restrictions (can 
> communicate to any and listen from any) 
>
>  
>
> I am using following fashion to definemy Hosts file:
>  
> #Window's Servers
> [abctst-win]
> abc012.abctst.lcl ansible_connection=local ansible_host= ip address
>
> [abctst-win:vars]
> ansible_ssh_port= 5985
> ansible_connection= winrm
>
>
> Output 1:
>
> [root@ansiblejmpst ansible]# ansible abctst-win -i hosts -m win_ping
>
> abc012.abctst.lcl | FAILED! => {
> "changed": false,
> "module_stderr": "/bin/sh: powershell: command not found\n",
> "module_stdout": "",
> "msg": "MODULE FAILURE",
> "rc": 127
> }
>
> Output 2:
>
> [root@ansiblejmpst ansible]# ansible abctst-win -i hosts -m ping
>
> abc012.abctst.lcl | SUCCESS => {
> "changed": false,
> "ping": "pong"
> }
>
>
> Question:
> Where am I doing wrong?
> What is that I am doing wrong?
> Is my way of defining host file correct? Am I passing all required 
> information in hosts file correct?
> Is there something I did wrong in setting up windows machine?
>
>
> Can I get a help here in this? I have to automate windows and linux 
> patching and I am stuck at start.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/a9692351-3179-4838-b051-a20f9e9d7dab%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Ansible windows issue about running yml task

2018-03-14 Thread Jordan Borean 
Yep, the post above is your problem, you are trying to run a list of tasks 
under ansible-playbook when you need to structure it like a play. When 
referring to roles you can just have the tasks but the root playbook must 
include things like hosts, tasks, roles and so on as the root keys.

Thanks

Jordan

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/32c71fe0-e502-4aa0-8f0b-c3ee98622683%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Ansible windows issue about running yml task

2018-03-14 Thread Tony Chia 
do you have "tasks:" defined before your win_file?

try this

- hosts: all
  tasks:
  - name: Create directory structure
   win_file:
path: C:\Temp\folder\subfolder
state: directory



On Wednesday, March 14, 2018 at 4:35:40 AM UTC-7, selim sarısu wrote:
>
> Hi Friends ,
>
> When I tried to run any .yml task on the Ansible , I get following error ;
>
> My Syntax is here , 
>
> - name: Create directory structure
>   win_file:
> path: C:\Temp\folder\subfolder
> state: directory
>
>
>
> ERROR! 'win_file' is not a valid attribute for a Play
>
> The error appears to have been in '/etc/ansible/create.yml': line 1, 
> column 3, but may
> be elsewhere in the file depending on the exact syntax problem.
>
> The offending line appears to be:
>
>
> - name: Create directory structure
>   ^ here
>
> Any ideal ? 
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/163fb7d5-66de-42d3-8e7b-78b564650adf%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Ansible windows issue about running yml task

2018-03-14 Thread lpescatore via Ansible Project 
This is one of my plays.

  - name: Make Tools folder

win_file:

  path: C:\Tools

  state: directory


  - name: Make build folder

win_file:

  path: C:\build

  state: directory


  - name: Make TEMP folder

win_file:

  path: C:\TEMP

  state: directory


  - name: Make log folder inside of temp

win_file:

  path: C:\TEMP\log

  state: directory

On Wednesday, March 14, 2018 at 4:35:40 AM UTC-7, selim sarısu wrote:
>
> Hi Friends ,
>
> When I tried to run any .yml task on the Ansible , I get following error ;
>
> My Syntax is here , 
>
> - name: Create directory structure
>   win_file:
> path: C:\Temp\folder\subfolder
> state: directory
>
>
>
> ERROR! 'win_file' is not a valid attribute for a Play
>
> The error appears to have been in '/etc/ansible/create.yml': line 1, 
> column 3, but may
> be elsewhere in the file depending on the exact syntax problem.
>
> The offending line appears to be:
>
>
> - name: Create directory structure
>   ^ here
>
> Any ideal ? 
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/4466651a-25d0-4a1c-b02e-d37c9dbc1d9e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Ansible windows issue about running yml task

2018-03-14 Thread lpescatore via Ansible Project 
You don't have whitespace right, which Ansible is very finicky about. 
Try:

- name: Create directory structure
  win_file:
  path: C:\Temp\folder\subfolder
  state: directory

Don't use "tab" keys, use your space bar.

HTH,
Larry

On Wednesday, March 14, 2018 at 4:35:40 AM UTC-7, selim sarısu wrote:
>
> Hi Friends ,
>
> When I tried to run any .yml task on the Ansible , I get following error ;
>
> My Syntax is here , 
>
> - name: Create directory structure
>   win_file:
> path: C:\Temp\folder\subfolder
> state: directory
>
>
>
> ERROR! 'win_file' is not a valid attribute for a Play
>
> The error appears to have been in '/etc/ansible/create.yml': line 1, 
> column 3, but may
> be elsewhere in the file depending on the exact syntax problem.
>
> The offending line appears to be:
>
>
> - name: Create directory structure
>   ^ here
>
> Any ideal ? 
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/a1ea648d-3f2e-4de0-9ce9-624fbc38f851%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Ansible Windows MSI

2017-10-10 Thread Jordan Borean 
There are no plans to do this, the ConfigureRemotingForAnsible.ps1 script 
does what we need so far and is only meant to be used for development 
purposes. When running in a production environment you should have your own 
process that fulfils your requirements both on a technical and security 
side. This can include running one of your own scripts in the imaging 
process or using GPO to manage the WinRM service.

Is there something you feel is missing that would warrant an MSI?

Thanks

Jordan

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/6f8006e7-5764-43ef-b2df-6b190fa6a1f3%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Ansible Windows: Add account to group administrators FR/US

2017-07-11 Thread fanchfanch44 
Hello Jordan,

Thank you very mutch. I had the same raissonement with a custom script.
Yesterday, i created a specifical script to ckeck a groups.

function Get-AdministratorsGroupName {

$LocalGroup = @('Administrators', 'Administrateurs', 'Domain Admins')

foreach ($Group in $LocalGroup){
Try{
if(([adsi]"WinNT://./$Group,group").psbase.Invoke('Members')){
return $Group
}
} catch {}
}
}

Get-AdministratorsGroupName


Regards


Le lundi 10 juillet 2017 22:41:57 UTC+2, Jordan Borean a écrit :
>
> Hey
>
> One thing you can do is use the win_region module 
> https://docs.ansible.com/ansible/win_region_module.html to change the 
> region of your hosts to a common value. If this isn't what you can do, you 
> can also run an adhoc command to determine the group name based on the SID. 
> Give the below tasks a shot and see if it returns what you are looking for.
>
> - name: get group name from sid
>>   win_command: powershell.exe "((New-Object 
>> System.Security.Principal.SecurityIdentifier('S-1-5-32-544')).Translate([System.Security.Principal.NTAccount]).Value
>>  
>> -split '\\')[1]"
>>   register: admin_group 
>
> - debug:
>> var: admin_group.stdout_lines[0]
>
>
> It looks up the group name based on the SID 'S-1-5-32-544' which is the 
> default SID for the local administrators group and should be consistent 
> across all Windows OS'.
>
> Thanks
>
> Jordan
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/485b3cb2-b309-4031-9268-14ae36260fcd%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Ansible Windows: Add account to group administrators FR/US

2017-07-10 Thread Jordan Borean 
Hey

One thing you can do is use the win_region 
module https://docs.ansible.com/ansible/win_region_module.html to change 
the region of your hosts to a common value. If this isn't what you can do, 
you can also run an adhoc command to determine the group name based on the 
SID. Give the below tasks a shot and see if it returns what you are looking 
for.

- name: get group name from sid
>   win_command: powershell.exe "((New-Object 
> System.Security.Principal.SecurityIdentifier('S-1-5-32-544')).Translate([System.Security.Principal.NTAccount]).Value
>  
> -split '\\')[1]"
>   register: admin_group 

- debug:
> var: admin_group.stdout_lines[0]


It looks up the group name based on the SID 'S-1-5-32-544' which is the 
default SID for the local administrators group and should be consistent 
across all Windows OS'.

Thanks

Jordan

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/1e2becfc-23ab-405a-bd57-3fc4730d64e1%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Ansible Windows

2017-04-19 Thread Jordan Borean 
A list of authentication options that are available to a Windows host through 
WinRM are shown here 
http://docs.ansible.com/ansible/intro_windows.html#authentication-options. In 
short if you need to authenticate with a domain account Kerberos is recommended 
as it is the most secure but NTLM and CredSSP are other options if Kerberos 
isn't a choice in your environment for whatever reason.

Regardless of the auth option you will need to use an account that is a local 
administrator of your box due to the security requirements of WinRM. There are 
ways to allow a lower priviledged account access but that is quite complex and 
should be ignored until you first get a successful connection.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/6db105bb-c0d3-4544-ad7e-0d2b5dc289ca%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Ansible Windows

2017-04-19 Thread 'J Hawkesworth' via Ansible Project 
No you can't do ssh connections to (unmodified) windows machines at the 
moment, unfortunately.  
Even if you did set up a third-party ssh server on windows, to use the 
ansible windows modules, you have to be using 'winrm' transport, and would 
likely have to go to a lot of trouble to allow suitable access rights so 
that you could do useful managment activities, such as installing software.

Its true you do not have to use kerberos, but you will still need to 
connect as a user with sufficient privileges to allow you to perform 
administrative tasks.

You only actually need to set up kerberos client and configure 
/etc/krb5.conf to point at your existing Active Directory domain 
controllers in order to use windows domain users.

Hope this helps,

Jon


On Wednesday, April 19, 2017 at 8:25:57 PM UTC+1, mahmoud...@experitest.com 
wrote:
>
> We are testing ansible with our automation projects , we have a lot of 
> VM's and & PC's.
>
> I'm trying to get ansible working and stuck here , I've got it installed 
> on a VM CENTOS Machine . And on a windows machine too .
> I'm stuck in the connection phase between them, the kerberos is not 
> working , I think I need to install the kerberos server on the linux VM to 
> make it work .
>
> But if we do not need any authentications , we dont need kerberos, can't 
> we do it through simple SSH connection ?
> I'll be thankful if somebody can help me with this issue .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/ccd4c671-fabe-4dc5-abc4-fad40aa87cdf%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Ansible Windows become_user per task?

2017-03-02 Thread Matt Davis 
Yeah, docs forthcoming for this stuff, but you need to specify a couple 
more things to make it work (since the global *nix defaults don't make 
sense under Windows):

First and foremost, you never actually said you want to "become", just 
"who" you want to become- you need to add "become: yes" (this is not 
Windows-specific). Then you need to tell us which become method to use 
(become_method: runas), as the default "sudo" isn't implemented on Windows. 
You can set these at either the play or task level, as necessary, but 
"become: yes" is the key to actually making a task run as someone else- the 
rest is just "how". See below for a sample.

Also, there's a bug right now that's preventing become from working under 
NTLM and Kerberos auth (fails with "Access is denied"), so you can only use 
it with Basic, CredSSP, and Certificate auth (hoping to nail this one down 
in the next few days).

Hope that helps...

-Matt

(ansible-dev) [mdavis@mdavis-t460p win2012r2-domain]$ cat become.yml
- hosts: member1
  gather_facts: no
  become_method: runas
  tasks:
  - name: as default user
win_shell: whoami

  - name: as administrator
become: yes
become_user: administrator
win_shell: whoami



(ansible-dev) [mdavis@mdavis-t460p win2012r2-domain]$ ansible-playbook -i 
hosts become.yml -vv -K
No config file found; using defaults
SUDO password: 

PLAYBOOK: become.yml 
***
1 plays in become.yml

PLAY [member1] 
*
META: ran handlers

TASK [as default user] 
*
task path: /home/mdavis/vm/win2012r2-domain/become.yml:5
changed: [member1] => {"changed": true, "cmd": "whoami", "delta": 
"0:00:00.156427", "end": "2017-03-02 11:29:12.986398", "rc": 0, "start": 
"2017-03-02 11:29:12.829970", "stderr": "", "stderr_lines": [], "stdout": 
"ansible\\testguy\r\n", "stdout_lines": ["ansible\\testguy"]}

TASK [as administrator] 

task path: /home/mdavis/vm/win2012r2-domain/become.yml:8
changed: [member1] => {"changed": true, "cmd": "whoami", "delta": 
"0:00:00.187422", "end": "2017-03-02 11:29:13.876657", "rc": 0, "start": 
"2017-03-02 11:29:13.689234", "stderr": "", "stderr_lines": [], "stdout": 
"ansible\\testguy\r\n", "stdout_lines": ["ansible\\testguy"]}
META: ran handlers
META: ran handlers

PLAY RECAP 
*
member1: ok=2changed=2unreachable=0failed=0 
  



On Wednesday, March 1, 2017 at 10:32:21 PM UTC-8, b...@tanners.org wrote:
>
> Is there a way to "become_user" per task on a Windows?
>
> - name: Install programs (win_shell)
>   win_shell: "{{ item.dest }}/{{ item.program }} {{ item.arguments }}"
>   register: cmd
>   when:
> - window_packages is defined
>   with_items:
> - "{{ window_packages }}"
>   become_user: bob
>   tags: win_workstation2
>
> Running the command with - shows I'm still WINRM as the Administrator
>
>  ESTABLISH WINRM CONNECTION FOR USER: 
> Administrator@CORP.LOCAL on PORT 5986 TO PC130.corp.local EXEC (via 
> pipeline wrapper)
>
> Not sure how to check what user the task is running as but I don't find 
> the stuff I'd expect in AppData\Local
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/bad6e83e-066c-42d2-98eb-f79457920d62%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Re: Ansible windows modules

2016-09-07 Thread Takeshi Kuramochi 
Hi Stavris,

I am not familiar with DISM tool then I have not tried this workaround yet.
For example, if the system has already the KB, this task does nothing,
on the other hands this system does not have the KB it should be fixed
the KB by this task ( it called idempotence ).
I would like to run it in offline after copy already the KB has been
downloaded to that system and expand.


Thank you.

Takeshi,

2016-09-07 1:38 GMT+09:00 Stavros :
> Hello Takeshi,
>
> what do you actually mean by asking if the workaround has idempotence? That
> you run this and nothing changes/happens on the target host?
>
> If you tried it so far, then you can see if the .Net Framework is installed
> only by searching the installed Windows updates. There you will find an
> update with the KB number according to the Windows OS (2012 or 8.1 or ...)
> version that your target host has.
>
> Best Regards
> Stavros
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/0ee7135b-74b7-4305-b46a-24565dcbe6b3%40googlegroups.com.
>
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAOpn5sRzw8vNqFQmtb2ox%2BTm%3DHXS4giPmjg4kr7G7DzADWb5Lw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Re: Ansible windows modules

2016-09-06 Thread Stavros 
Hello Takeshi,

what do you actually mean by asking if the workaround has idempotence? That 
you run this and nothing changes/happens on the target host?

If you tried it so far, then you can see if the .Net Framework is installed 
only by searching the installed Windows updates. There you will find an 
update with the KB number according to the Windows OS (2012 or 8.1 or ...) 
version that your target host has.

Best Regards
Stavros


-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/0ee7135b-74b7-4305-b46a-24565dcbe6b3%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Re: Ansible windows modules

2016-09-05 Thread Takeshi Kuramochi 
Hello Stavos,

I would like to run the ansible to use your workaround for ms patch.
By the way, can your workaround have Idempotence ?

BestRegards,

Takeshi



2016-02-29 18:36 GMT+09:00 Stavros :
> Hi Quang,
>
> you can also try to extract the x64-Windows8.1-KB2934520-x64.msu, which will
> give you the Windows8.1-KB2934520-x64.cab. For the installation try this:
>
> DISM.exe /Online /Add-Package
> /PackagePath:C:\Temp\Windows8.1-KB2934520-x64.cab /NoRestart /Quiet
>
>
> You'll have to reboot the server after the installation, so it's up to you
> to set the /NoRestart parameter...or not..
>
> Stavros
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/6d0ce3c3-39e5-442a-8a24-f949c11186e3%40googlegroups.com.
>
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAOpn5sRwANgKzSonMna8hiVJ_0r2mC3Ox5a8OdC95NUBCo9MfA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: ansible windows raw module no response?

2016-08-01 Thread 'J Hawkesworth' via Ansible Project 
An optional configurable timeout would be nice, but I have some tasks that 
run for over 60 minutes so I would not want a short default.

Can you use Remote Desktop to check if your program is well perhaps?

On Monday, August 1, 2016 at 2:02:45 PM UTC+1, fcx...@gmail.com wrote:
>
>  Thanks for your answer.I am not sure whether my program is well.But I 
> think ansible should close the task if the task exec too long.
>
> 在 2016年7月28日星期四 UTC+8上午7:34:49,J Hawkesworth写道:
>>
>> If it is always running then may be you need to set up whatever the 
>> run.bat does as a windows service.  
>> You can install nssm.exe and use win_nssm module to install programs as 
>> services, and then use the win_service module to start and stop them.
>>
>> You can use fetch module against windows machines if you just want to 
>> fetch log files when you run your playbook too.
>>
>> There are lots of programs around that can collect log files and forward 
>> them to another machine for processing. Two that I have heard of, but not 
>> used are NXLOG and Elastic Filebeat.
>>
>> Hope this helps,
>>
>> Jon
>>
>>
>>
>> On Wednesday, July 27, 2016 at 5:28:56 PM UTC+1, fcx...@gmail.com wrote:
>>>
>>> I just want to run my bat by raw module,like 
>>> - name: exec run.bat
>>>  raw: C:\run.bat
>>>
>>> The bat is about a program that get logs,so it will be always 
>>> running,like Daemon. When I exec ansible-playbook,the task can't go on.How 
>>> can I do?
>>>
>>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/0d96f5ec-a180-4dce-adc3-3eb0189062a9%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: ansible windows raw module no response?

2016-08-01 Thread fcxjluo 
 Thanks for your answer.I am not sure whether my program is well.But I 
think ansible should close the task if the task exec too long.

在 2016年7月28日星期四 UTC+8上午7:34:49,J Hawkesworth写道:
>
> If it is always running then may be you need to set up whatever the 
> run.bat does as a windows service.  
> You can install nssm.exe and use win_nssm module to install programs as 
> services, and then use the win_service module to start and stop them.
>
> You can use fetch module against windows machines if you just want to 
> fetch log files when you run your playbook too.
>
> There are lots of programs around that can collect log files and forward 
> them to another machine for processing. Two that I have heard of, but not 
> used are NXLOG and Elastic Filebeat.
>
> Hope this helps,
>
> Jon
>
>
>
> On Wednesday, July 27, 2016 at 5:28:56 PM UTC+1, fcx...@gmail.com wrote:
>>
>> I just want to run my bat by raw module,like 
>> - name: exec run.bat
>>  raw: C:\run.bat
>>
>> The bat is about a program that get logs,so it will be always 
>> running,like Daemon. When I exec ansible-playbook,the task can't go on.How 
>> can I do?
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/45139a14-67ba-4636-bed6-3ba4ecee18c0%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: ansible windows raw module no response?

2016-07-27 Thread 'J Hawkesworth' via Ansible Project 
If it is always running then may be you need to set up whatever the run.bat 
does as a windows service.  
You can install nssm.exe and use win_nssm module to install programs as 
services, and then use the win_service module to start and stop them.

You can use fetch module against windows machines if you just want to fetch 
log files when you run your playbook too.

There are lots of programs around that can collect log files and forward 
them to another machine for processing. Two that I have heard of, but not 
used are NXLOG and Elastic Filebeat.

Hope this helps,

Jon



On Wednesday, July 27, 2016 at 5:28:56 PM UTC+1, fcx...@gmail.com wrote:
>
> I just want to run my bat by raw module,like 
> - name: exec run.bat
>  raw: C:\run.bat
>
> The bat is about a program that get logs,so it will be always running,like 
> Daemon. When I exec ansible-playbook,the task can't go on.How can I do?
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/a988753b-2d1d-4706-9a80-bd05a1a2afc3%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Ansible Windows Winrm Authentication or permission failure.

2016-06-09 Thread Mike C 
I ran into this same problem with ansible 2.1.0.0, correctly configured 
winrm and powershell.  The solution was adding the powershell directory to 
the PATH on the target machine.  The ansible error messages have so far 
never been related to the actual problem, which is kind of impressive.

On Monday, January 25, 2016 at 11:02:45 AM UTC-6, J Hawkesworth wrote:
>
> Someone else has posted something simliar as a bug report here - 
> https://github.com/ansible/ansible/issues/14085
>
> Since both you and the bug reporter are experiencing a failure to create a 
> directory in the user's temp folder, I'm wondering if your users' temp 
> folder is actually present?
>
> The command that is failing in your case is as follows:
>
> Set-StrictMode -Version Latest
> (New-Item -Type Directory -Path $env:temp -Name 
> "ansible-tmp-1453456566.48-573286182894").FullName | Write-Host -Separator 
> '';
>
> can you run the following and see if you get an error message?
>
>gci -Path $env:temp
>
> (interactively and via the 'raw' module too, preferably).
>
> Not sure what is going on but hoping this might throw some light on the 
> problem.
>
> Jon
>
>
>
>
>
>
> On Monday, January 25, 2016 at 4:39:00 PM UTC, Joe Levis wrote:
>>
>> Hm, that's interesting. It doesn't make sense that raw commands work but 
>> not the basic win_ping module. Yes, it does sound like it's something to do 
>> with your module or pywinrm setup.
>>
>> My main issue for connection was with kerberos, but that's because the 
>> user I'm using to authenticate with is a Domain AD account. I'm assuming 
>> your user isn't, since I see vagrant. In which case, the only other thing I 
>> noted in my documentation was that I installed:
>> apt-get install libffi-dev libssl-dev
>>
>> DISCLAIMER: I haven't tested if I absolutely needed those. I tried a lot 
>> of different things based on postings I found during my Ansible+Windows 
>> setup.
>>
>> Let me know what you find from running other modules.
>>
>>
>> -Joe
>>
>> On Saturday, January 23, 2016 at 9:26:03 AM UTC-8, Dan Gibbons wrote:
>>>
>>> Hi Joe,
>>>
>>> Thanks for getting back to me I did both the items when I setup the 
>>> control server and windows client.  Upon further investigation I can 
>>> successfully execute raw commands which shows the config is correct, it's 
>>> just the win_pin that fails for some reason so I presume I can't run 
>>> modules.  I'll try another module when I get back to work but if you have 
>>> any other suggestions please let me know.
>>>
>>> Thanks
>>>
>>> Dan
>>>
>>>
>>>
>>>
>>> On Friday, 22 January 2016 18:14:54 UTC, Joe Levis wrote:

 Hi Dan,

 I ran into a lot of issues when trying to get Ansible to connect to my 
 remote Windows Server 2012 R2 VM. I finally got it working - maybe my 
 solutions will help you.

 *A couple questions:*

1. Did you set up your Ansible Control Machine following the 
official documentation to a tee (
http://docs.ansible.com/ansible/intro_windows.html)?
2. Have you run the remote setup PS1 script on the target server (

 https://github.com/ansible/ansible/blob/devel/examples/scripts/ConfigureRemotingForAnsible.ps1
)?


 On Friday, January 22, 2016 at 9:00:30 AM UTC-8, Dan Gibbons wrote:
>
> Hi,
>
> I'm doing a POC with Ansible and Puppet but currently I can't even get 
> Ansible to talk to Windows using WinRM.  Here is my setup in Vagrant:
>
> Control server
> Centos 7.1 with all the right extras installed (pywinrm etc)
>
> group_vars/windows.yml
> ansible_user: vagrant
> ansible_password: vagrant
> ansible_port: 5985
> ansible_connection: winrm
> ansible_winrm_server_cert_validation: ignore
>
> Windows 2012 R2
> - Powershell winrm is pretty much open in terms of config (basic auth, 
> allow unencypted)
>
>
> I've tested winrm connections from the ansible server using the 
> following python script:
> import winrm
>
> import winrm
>
> s = winrm.Session('http://192.168.33.12:5985/wsman', auth=('user', 
> 'password'))
> r = s.run_cmd('ipconfig', ['/all'])
> print r.status_code
> print r.std_out
> print r.std_err
>
> This works successfully and my host Windows desktop can winrm to the 
> target server as well.
>
> But Ansible just will not work always giving me the following error:
>
> [root@ansible ansible]# ansible windows -m win_ping -v
> Using /ansible/ansible.cfg as config file
> Loaded callback minimal of type stdout, v2.0
> <192.168.33.12> ESTABLISH WINRM CONNECTION FOR USER: vagrant on PORT 
> 5985 TO 192.168.33.12
> <192.168.33.12> WINRM CONNECT: transport=plaintext endpoint=
> http://192.168.33.12:5985/wsman
> <192.168.33.12> EXEC /bin/sh -c 'PowerShell -NoProfile -NonInteractive 
> -ExecutionPolicy Unrestricted -EncodedCommand 
>

[ansible-project] Re: Ansible windows modules

2016-02-29 Thread Quang Truong 
Actually, when I update with all the latest updates from Windows, I can go 
through the problem, means, with the latest Windows update, you're good 
with msu installation.

Thank you all!

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/35814d06-7d57-4b1d-8d99-9207e356d553%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Ansible windows modules

2016-02-29 Thread Stavros 
Hi Quang,

you can also try to extract the x64-Windows8.1-KB2934520-x64.msu, which 
will give you the Windows8.1-KB2934520-x64.cab. For the installation try 
this:

DISM.exe /Online /Add-Package /PackagePath:C:\Temp\Windows8.1-KB2934520-x64.cab 
/NoRestart /Quiet


You'll have to reboot the server after the installation, so it's up to you 
to set the /NoRestart parameter...or not..

Stavros

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/6d0ce3c3-39e5-442a-8a24-f949c11186e3%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Ansible windows modules

2016-02-27 Thread 'J Hawkesworth' via Ansible Project 
I have used the workaround described in the article to install a hotfix. I 
expanded the .msu and then used raw to run dism.exe to install the expanded 
file, so I hope the same workaround will work for you. 

Hope this helps, 

Jon 

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/c209b6a0-a2bc-44ba-aec2-560e2e566dfb%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Ansible windows modules

2016-02-26 Thread Quang Truong 
The problem with installing msu file via WinRM (as Ansible uses Py connects 
to window host via WinRM). I grab this article on the net 
(http://www.hurryupandwait.io/blog/safely-running-windows-automation-operations-that-typically-fail-over-winrm-or-powershell-remoting)
 
and this one from MS (https://support.microsoft.com/en-us/kb/2773898) but 
seems there is an update has fixed it.

Trying to run Window update for my environment to see how it goes.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/0d570849-3d82-423e-801d-ae9bc50cbecf%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Ansible windows modules

2016-02-24 Thread Quang Truong 
Hi Stavros,

I think you're right on x64-Windows8.1-KB2934520-x64.msu. I tried to dumb 
the installation log and found access denied when running the web 
installation package.

I think there is something wrong on my environment setting that cause about 
security issue, try with another environment, it works like a charm :(

Hi Jon,
I have tried with Administrator account but no luck
For my account in administrators group, I have to disable the UAC in order 
to run it (even manual run the installation package)

Will keep you post on my finding
Quang

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/dc075265-5a25-4724-9516-e33cf98ed188%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Ansible windows modules

2016-02-24 Thread 'J Hawkesworth' via Ansible Project 
Quang,

I suggest you try running the installation as a user with Administrative 
privileges.  You may also find you need to temporarily disable UAC 
prompting for Administrative users only, which on Server 2012 R2 can be 
achieved by modifying

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=dword:

To re-enable UAC prompting for Administrative users, set
"ConsentPromptBehaviorAdmin"=dword:0005

Hope this helps,

Jon

On Wednesday, 24 February 2016 09:50:29 UTC, Stavros wrote:
>
> I'm using the following code for installing msi's, e.g.:
>
> $msi = @('D:\Temp\Pscx-3.2.0.msi', 'D:\Temp\notep.msi')
> foreach ($msifile in $msi)
> {
> Start-Process -FilePath "$env:systemroot\system32\msiexec.exe" 
> -ArgumentList "/i `"$msifile`" /qn /passive" -Wait
> }
>
> Stavros
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/14d2178e-ffc2-48e7-8dca-fef6806b3545%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Ansible windows modules

2016-02-24 Thread Stavros 
I'm using the following code for installing msi's, e.g.:

$msi = @('D:\Temp\Pscx-3.2.0.msi', 'D:\Temp\notep.msi')
foreach ($msifile in $msi)
{
Start-Process -FilePath "$env:systemroot\system32\msiexec.exe" 
-ArgumentList "/i `"$msifile`" /qn /passive" -Wait
}

Stavros

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/a7536446-d113-4e6e-b54c-f6b6ed57bb38%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Ansible windows modules

2016-02-23 Thread Quang Truong 
Jon,

I have tried with win_package, as .NET framework 4.5 can not be uninstalled 
so I just grab a fake product_id (not sure for the other but for me, I'm 
using ansible 1.9.3 and product_id param should be *productid* without 
dash) and the results are the same as using raw command. If I use the 
offline package then receive error 16389 and use the web package then the 
installation runs in middle then stop with error 5. Still no luck so far.

I will try to upgrade to 2.0 then use win_acl to overcome the error 5 or 
win_webpicmd. 


Stavros,

I can run the installation without ansible for offline package (copy this 
package into the remote machine):
- Use powershell to call on the remote machine
- Use paexec and call the exe from remote

Thank you for your update.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/5606d671-e769-4534-b48f-20b947a89b9e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Ansible windows modules

2016-02-23 Thread Stavros 
The NDP452-KB2901907-x86-x64-AllOS-ENU.exe package contains the framework 
for various Windows versions. 
Have you tried to install it from the cli? E.g. start powershell as admin 
and try to install it?

In my case, I wrote a playbook in order to install it on a W2012R2 using 
ansible. Here an overview of the steps:
- copy this exe file to the remote host
- extract it
- in case of W2012R2 you will need the x64-Windows8.1-KB2934520-x64.msu, 
which you can install as next step
- finally the remote host has to be rebooted

Stavros

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/7869a13f-cd85-43cc-ab55-94c257fa4afa%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Ansible windows modules

2016-02-23 Thread 'J Hawkesworth' via Ansible Project 
I would recommend trying the win_package module which can take properties 
and, if you capture the product_id you can use that in your playbook to 
make sure it only attempts installation once.

Hope this helps,

Please report back if this works for you so others can learn from your 
experience.

Many thanks

Jon

On Tuesday, 23 February 2016 04:02:23 UTC, Quang Truong wrote:
>
> Hi all,
>
> I start learning Ansible to run some deployment tasks on Windows platform. 
> I encounter some hiccups with Windows modules as below:
>
> - Install the executable package (.NET 4.5.2 framework)
>
>
>- I download the offline installer (
>https://www.microsoft.com/en-us/download/details.aspx?id=42642) then 
>run the installation with a raw command from my playbook then it return an 
>error ("rc": 16389)
>
> failed: [x.x.x.x] => {"rc": 16389}
> stdout: An error was encountered.
>  
>
> Unspecified error  
>
>
>- I did some searching then this error might relate to the cache size 
>then I use the Web installation (
>https://www.microsoft.com/en-us/download/details.aspx?id=42643) then 
>Ansible can run the package and download the package in middle then throw 
>an error ("rc" 5) (something relates to access denied). I try to use with 
>administrator account for the host inventory but no luck with that move
>
>  - Install an MSI with properties
>
>
>- I try to use win_msi module and see the win_msi.ps1 script that 
>execute the installation by "msiexec.exe /i $params.path /qb /l 
>$logfile $extra_args;" so I try to input the properties within the path 
>parameter, for ex: C:\tool.msi property1=A perty2=b. However, seems my 
>syntax is not correct with the parse function then I got this error
>
> This installation package could not be opened. Verify that the package 
> exists and that you can access it, or contact the application vendor to 
> verify that this is a valid Windows Installer package. 
>
>
>- Then I try to run the raw command in playbook: raw: msiexec.exe /i 
>C:\Tool.msi property1=a property2=b /qn . This way can install this msi, 
> in 
>conclusion, we can't not the win_msi module at the moment for installation 
>with properties?
>
>
> Thank you very much for your help
> Quang 
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/29f920ba-f062-48a4-a0b9-c74bdea19d18%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Ansible Windows Winrm Authentication or permission failure.

2016-01-25 Thread J Hawkesworth 
Someone else has posted something simliar as a bug report here 
- https://github.com/ansible/ansible/issues/14085

Since both you and the bug reporter are experiencing a failure to create a 
directory in the user's temp folder, I'm wondering if your users' temp 
folder is actually present?

The command that is failing in your case is as follows:

Set-StrictMode -Version Latest
(New-Item -Type Directory -Path $env:temp -Name 
"ansible-tmp-1453456566.48-573286182894").FullName | Write-Host -Separator 
'';

can you run the following and see if you get an error message?

   gci -Path $env:temp

(interactively and via the 'raw' module too, preferably).

Not sure what is going on but hoping this might throw some light on the 
problem.

Jon






On Monday, January 25, 2016 at 4:39:00 PM UTC, Joe Levis wrote:
>
> Hm, that's interesting. It doesn't make sense that raw commands work but 
> not the basic win_ping module. Yes, it does sound like it's something to do 
> with your module or pywinrm setup.
>
> My main issue for connection was with kerberos, but that's because the 
> user I'm using to authenticate with is a Domain AD account. I'm assuming 
> your user isn't, since I see vagrant. In which case, the only other thing I 
> noted in my documentation was that I installed:
> apt-get install libffi-dev libssl-dev
>
> DISCLAIMER: I haven't tested if I absolutely needed those. I tried a lot 
> of different things based on postings I found during my Ansible+Windows 
> setup.
>
> Let me know what you find from running other modules.
>
>
> -Joe
>
> On Saturday, January 23, 2016 at 9:26:03 AM UTC-8, Dan Gibbons wrote:
>>
>> Hi Joe,
>>
>> Thanks for getting back to me I did both the items when I setup the 
>> control server and windows client.  Upon further investigation I can 
>> successfully execute raw commands which shows the config is correct, it's 
>> just the win_pin that fails for some reason so I presume I can't run 
>> modules.  I'll try another module when I get back to work but if you have 
>> any other suggestions please let me know.
>>
>> Thanks
>>
>> Dan
>>
>>
>>
>>
>> On Friday, 22 January 2016 18:14:54 UTC, Joe Levis wrote:
>>>
>>> Hi Dan,
>>>
>>> I ran into a lot of issues when trying to get Ansible to connect to my 
>>> remote Windows Server 2012 R2 VM. I finally got it working - maybe my 
>>> solutions will help you.
>>>
>>> *A couple questions:*
>>>
>>>1. Did you set up your Ansible Control Machine following the 
>>>official documentation to a tee (
>>>http://docs.ansible.com/ansible/intro_windows.html)?
>>>2. Have you run the remote setup PS1 script on the target server (
>>>
>>> https://github.com/ansible/ansible/blob/devel/examples/scripts/ConfigureRemotingForAnsible.ps1
>>>)?
>>>
>>>
>>> On Friday, January 22, 2016 at 9:00:30 AM UTC-8, Dan Gibbons wrote:

 Hi,

 I'm doing a POC with Ansible and Puppet but currently I can't even get 
 Ansible to talk to Windows using WinRM.  Here is my setup in Vagrant:

 Control server
 Centos 7.1 with all the right extras installed (pywinrm etc)

 group_vars/windows.yml
 ansible_user: vagrant
 ansible_password: vagrant
 ansible_port: 5985
 ansible_connection: winrm
 ansible_winrm_server_cert_validation: ignore

 Windows 2012 R2
 - Powershell winrm is pretty much open in terms of config (basic auth, 
 allow unencypted)


 I've tested winrm connections from the ansible server using the 
 following python script:
 import winrm

 import winrm

 s = winrm.Session('http://192.168.33.12:5985/wsman', auth=('user', 
 'password'))
 r = s.run_cmd('ipconfig', ['/all'])
 print r.status_code
 print r.std_out
 print r.std_err

 This works successfully and my host Windows desktop can winrm to the 
 target server as well.

 But Ansible just will not work always giving me the following error:

 [root@ansible ansible]# ansible windows -m win_ping -v
 Using /ansible/ansible.cfg as config file
 Loaded callback minimal of type stdout, v2.0
 <192.168.33.12> ESTABLISH WINRM CONNECTION FOR USER: vagrant on PORT 
 5985 TO 192.168.33.12
 <192.168.33.12> WINRM CONNECT: transport=plaintext endpoint=
 http://192.168.33.12:5985/wsman
 <192.168.33.12> EXEC /bin/sh -c 'PowerShell -NoProfile -NonInteractive 
 -ExecutionPolicy Unrestricted -EncodedCommand 
 UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAoAE4AZQB3AC0ASQB0AGUAbQAgAC0AVAB5AHAAZQAgAEQAaQByAGUAYwB0AG8AcgB5ACAALQBQAGEAdABoACAAJABlAG4AdgA6AHQAZQBtAHAAIAAtAE4AYQBtAGUAIAAiAGEAbgBzAGkAYgBsAGUALQB0AG0AcAAtADEANAA1ADMANAA1ADYANQA2ADYALgA0ADgALQA1ADcAMwAyADgANgAxADgAMgA4ADkANAAiACkALgBGAHUAbABsAE4AYQBtAGUAIAB8ACAAVwByAGkAdABlAC0ASABvAHMAdAAgAC0AUwBlAHAAYQByAGEAdABvAHIAIAAnACcAOwA='
 <192.168.33.12> WINRM OPEN SHELL: C6B534E7-4F4B-4AEB-B34A-97FE55EB0225
 <192.168.33.12>

[ansible-project] Re: Ansible Windows Winrm Authentication or permission failure.

2016-01-25 Thread Joe Levis 
Hm, that's interesting. It doesn't make sense that raw commands work but 
not the basic win_ping module. Yes, it does sound like it's something to do 
with your module or pywinrm setup.

My main issue for connection was with kerberos, but that's because the user 
I'm using to authenticate with is a Domain AD account. I'm assuming your 
user isn't, since I see vagrant. In which case, the only other thing I 
noted in my documentation was that I installed:
apt-get install libffi-dev libssl-dev

DISCLAIMER: I haven't tested if I absolutely needed those. I tried a lot of 
different things based on postings I found during my Ansible+Windows setup.

Let me know what you find from running other modules.


-Joe

On Saturday, January 23, 2016 at 9:26:03 AM UTC-8, Dan Gibbons wrote:
>
> Hi Joe,
>
> Thanks for getting back to me I did both the items when I setup the 
> control server and windows client.  Upon further investigation I can 
> successfully execute raw commands which shows the config is correct, it's 
> just the win_pin that fails for some reason so I presume I can't run 
> modules.  I'll try another module when I get back to work but if you have 
> any other suggestions please let me know.
>
> Thanks
>
> Dan
>
>
>
>
> On Friday, 22 January 2016 18:14:54 UTC, Joe Levis wrote:
>>
>> Hi Dan,
>>
>> I ran into a lot of issues when trying to get Ansible to connect to my 
>> remote Windows Server 2012 R2 VM. I finally got it working - maybe my 
>> solutions will help you.
>>
>> *A couple questions:*
>>
>>1. Did you set up your Ansible Control Machine following the official 
>>documentation to a tee (
>>http://docs.ansible.com/ansible/intro_windows.html)?
>>2. Have you run the remote setup PS1 script on the target server (
>>
>> https://github.com/ansible/ansible/blob/devel/examples/scripts/ConfigureRemotingForAnsible.ps1
>>)?
>>
>>
>> On Friday, January 22, 2016 at 9:00:30 AM UTC-8, Dan Gibbons wrote:
>>>
>>> Hi,
>>>
>>> I'm doing a POC with Ansible and Puppet but currently I can't even get 
>>> Ansible to talk to Windows using WinRM.  Here is my setup in Vagrant:
>>>
>>> Control server
>>> Centos 7.1 with all the right extras installed (pywinrm etc)
>>>
>>> group_vars/windows.yml
>>> ansible_user: vagrant
>>> ansible_password: vagrant
>>> ansible_port: 5985
>>> ansible_connection: winrm
>>> ansible_winrm_server_cert_validation: ignore
>>>
>>> Windows 2012 R2
>>> - Powershell winrm is pretty much open in terms of config (basic auth, 
>>> allow unencypted)
>>>
>>>
>>> I've tested winrm connections from the ansible server using the 
>>> following python script:
>>> import winrm
>>>
>>> import winrm
>>>
>>> s = winrm.Session('http://192.168.33.12:5985/wsman', auth=('user', 
>>> 'password'))
>>> r = s.run_cmd('ipconfig', ['/all'])
>>> print r.status_code
>>> print r.std_out
>>> print r.std_err
>>>
>>> This works successfully and my host Windows desktop can winrm to the 
>>> target server as well.
>>>
>>> But Ansible just will not work always giving me the following error:
>>>
>>> [root@ansible ansible]# ansible windows -m win_ping -v
>>> Using /ansible/ansible.cfg as config file
>>> Loaded callback minimal of type stdout, v2.0
>>> <192.168.33.12> ESTABLISH WINRM CONNECTION FOR USER: vagrant on PORT 
>>> 5985 TO 192.168.33.12
>>> <192.168.33.12> WINRM CONNECT: transport=plaintext endpoint=
>>> http://192.168.33.12:5985/wsman
>>> <192.168.33.12> EXEC /bin/sh -c 'PowerShell -NoProfile -NonInteractive 
>>> -ExecutionPolicy Unrestricted -EncodedCommand 
>>> UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAoAE4AZQB3AC0ASQB0AGUAbQAgAC0AVAB5AHAAZQAgAEQAaQByAGUAYwB0AG8AcgB5ACAALQBQAGEAdABoACAAJABlAG4AdgA6AHQAZQBtAHAAIAAtAE4AYQBtAGUAIAAiAGEAbgBzAGkAYgBsAGUALQB0AG0AcAAtADEANAA1ADMANAA1ADYANQA2ADYALgA0ADgALQA1ADcAMwAyADgANgAxADgAMgA4ADkANAAiACkALgBGAHUAbABsAE4AYQBtAGUAIAB8ACAAVwByAGkAdABlAC0ASABvAHMAdAAgAC0AUwBlAHAAYQByAGEAdABvAHIAIAAnACcAOwA='
>>> <192.168.33.12> WINRM OPEN SHELL: C6B534E7-4F4B-4AEB-B34A-97FE55EB0225
>>> <192.168.33.12> WINRM EXEC 'PowerShell' ['-NoProfile', 
>>> '-NonInteractive', '-ExecutionPolicy', 'Unrestricted', '-EncodedCommand', 
>>>

[ansible-project] Re: Ansible windows kerberos issue

2016-01-23 Thread Mayur Barge 
I will give it a try and let you know.
Thanks in advance for your help !

On Friday, 22 January 2016 23:51:37 UTC+5:30, Joe Levis wrote:
>
> Mayur,
>
> Make sure your Linux Control Machine is bound to the same domain as your 
> target Windows VM. After much reading and debugging, I realized my Ubuntu 
> server where I was running Ansible was not bound to the Domain.
>
> *Another thing...*
> I had to run the kinit command with the below flags on the Control Machine 
> to get past the auth failures (according to 
> https://github.com/diyan/pywinrm/issues/36#issuecomment-60175388):
> kinit -l 7d -r 7d -pAf us...@my.domain.com 
>
> *NOTE: I had run the kinit command before, but not with the flags. The 
> forwarding flags of kinit is what got me over the hump.*
>
>
> On Friday, January 22, 2016 at 4:30:09 AM UTC-8, Mayur Barge wrote:
>>
>> Hi Jon,
>>
>> Thanks for your inputs 
>>
>> If I manage windows machine using local administrator account then it 
>> works. But for AD account following is the error. I can successfully do 
>> kinit with domain user and klist displays appropriate ticket
>>
>>  ESTABLISH WINRM CONNECTION FOR USER: on PORT 5986 TO 
>> win2k8r2-client
>>
>>  WINRM CONNECT: transport=kerberos endpoint=
>> https://win2k8r2-client:5986/wsman
>>
>> win2k8r2-client | FAILED => Traceback (most recent call last):
>>
>> File "/usr/lib/python2.7/site-packages/ansible/runner/__init__.py", line 
>> 586, in _executor
>>
>> exec_rc = self._executor_internal(host, new_stdin)
>>
>> File "/usr/lib/python2.7/site-packages/ansible/runner/__init__.py", line 
>> 789, in _executor_internal
>>
>> return self._executor_internal_inner(host, self.module_name, 
>> self.module_args, inject, port, complex_args=complex_args)
>>
>> File "/usr/lib/python2.7/site-packages/ansible/runner/__init__.py", line 
>> 968, in _executor_internal_inner
>>
>> conn = self.connector.connect(actual_host, actual_port, actual_user, 
>> actual_pass, actual_transport, actual_private_key_file, delegate_host)
>>
>> File "/usr/lib/python2.7/site-packages/ansible/runner/connection.py", 
>> line 52, in connect
>>
>> self.active = conn.connect()
>>
>> File 
>> "/usr/lib/python2.7/site-packages/ansible/runner/connection_plugins/winrm.py",
>>  
>> line 140, in connect
>>
>> self.protocol = self._winrm_connect()
>>
>> File 
>> "/usr/lib/python2.7/site-packages/ansible/runner/connection_plugins/winrm.py",
>>  
>> line 96, in _winrm_connect
>>
>> protocol.send_message('')
>>
>> File "/usr/lib/python2.7/site-packages/winrm/protocol.py", line 193, in 
>> send_message
>>
>> return self.transport.send_message(message)
>>
>> File "/usr/lib/python2.7/site-packages/winrm/transport.py", line 269, in 
>> send_message
>>
>> krb_ticket = KerberosTicket(self.krb_service)
>>
>> File "/usr/lib/python2.7/site-packages/winrm/transport.py", line 205, in 
>> __init__
>>
>> kerberos.authGSSClientStep(krb_context, '')
>>
>> GSSError: (('Unspecified GSS failure. Minor code may provide more 
>> information', 851968), ('Server not found in Kerberos database', 
>> -1765328377))
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> On Monday, 18 January 2016 19:39:14 UTC+5:30, J Hawkesworth wrote:
>>>
>>> Hi Mayur,
>>>
>>> You usually get that message when kerberos is not configured properly on 
>>> your ansible controller.
>>>
>>> Please ensure you have followed the setup instructions here:
>>>
>>> http://docs.ansible.com/ansible/intro_windows.html#configuring-kerberos
>>>
>>> Without this, the ansible controller does cannot connect to your windows 
>>> domain, because it is unaware of the network location of your windows 
>>> domain controllers.
>>>
>>> Hope this helps,
>>>
>>> Jon
>>>
>>> On Friday, January 15, 2016 at 6:54:39 PM UTC, Mayur Barge wrote:

 Hi I'm facing below issue while connecting to windows machine using AD 
 accounts 


 File "/usr/lib/python2.7/site-packages/ansible/runner/__init__.py", 
 line 586, in _executor
 exec_rc = self._executor_internal(host, new_stdin)
   File "/usr/lib/python2.7/site-packages/ansible/runner/__init__.py", 
 line 789, in _executor_internal
 return self._executor_internal_inner(host, self.module_name, 
 self.module_args, inject, port, complex_args=complex_args)
   File "/usr/lib/python2.7/site-packages/ansible/runner/__init__.py", 
 line 968, in _executor_internal_inner
 conn = self.connector.connect(actual_host, actual_port, 
 actual_user, actual_pass, actual_transport, actual_private_key_file, 
 delegate_host)
   File "/usr/lib/python2.7/site-packages/ansible/runner/connection.py", 
 line 52, in connect
 self.active = conn.connect()
   File 
 "/usr/lib/python2.7/site-packages/ansible/runner/connection_plugins/winrm.py",
  
 line 140, in connect
 self.protocol = self._winrm_connect()
   File 
 "/usr/lib/python2.7/site-packages/ansible/runner/connection_plugins/winrm.py",
  
 line 96, in _winrm_connect

[ansible-project] Re: Ansible Windows Winrm Authentication or permission failure.

2016-01-23 Thread Dan Gibbons 
Hi Joe,

Thanks for getting back to me I did both the items when I setup the control 
server and windows client.  Upon further investigation I can successfully 
execute raw commands which shows the config is correct, it's just the 
win_pin that fails for some reason so I presume I can't run modules.  I'll 
try another module when I get back to work but if you have any other 
suggestions please let me know.

Thanks

Dan




On Friday, 22 January 2016 18:14:54 UTC, Joe Levis wrote:
>
> Hi Dan,
>
> I ran into a lot of issues when trying to get Ansible to connect to my 
> remote Windows Server 2012 R2 VM. I finally got it working - maybe my 
> solutions will help you.
>
> *A couple questions:*
>
>1. Did you set up your Ansible Control Machine following the official 
>documentation to a tee (
>http://docs.ansible.com/ansible/intro_windows.html)?
>2. Have you run the remote setup PS1 script on the target server (
>
> https://github.com/ansible/ansible/blob/devel/examples/scripts/ConfigureRemotingForAnsible.ps1
>)?
>
>
> On Friday, January 22, 2016 at 9:00:30 AM UTC-8, Dan Gibbons wrote:
>>
>> Hi,
>>
>> I'm doing a POC with Ansible and Puppet but currently I can't even get 
>> Ansible to talk to Windows using WinRM.  Here is my setup in Vagrant:
>>
>> Control server
>> Centos 7.1 with all the right extras installed (pywinrm etc)
>>
>> group_vars/windows.yml
>> ansible_user: vagrant
>> ansible_password: vagrant
>> ansible_port: 5985
>> ansible_connection: winrm
>> ansible_winrm_server_cert_validation: ignore
>>
>> Windows 2012 R2
>> - Powershell winrm is pretty much open in terms of config (basic auth, 
>> allow unencypted)
>>
>>
>> I've tested winrm connections from the ansible server using the following 
>> python script:
>> import winrm
>>
>> import winrm
>>
>> s = winrm.Session('http://192.168.33.12:5985/wsman', auth=('user', 
>> 'password'))
>> r = s.run_cmd('ipconfig', ['/all'])
>> print r.status_code
>> print r.std_out
>> print r.std_err
>>
>> This works successfully and my host Windows desktop can winrm to the 
>> target server as well.
>>
>> But Ansible just will not work always giving me the following error:
>>
>> [root@ansible ansible]# ansible windows -m win_ping -v
>> Using /ansible/ansible.cfg as config file
>> Loaded callback minimal of type stdout, v2.0
>> <192.168.33.12> ESTABLISH WINRM CONNECTION FOR USER: vagrant on PORT 5985 
>> TO 192.168.33.12
>> <192.168.33.12> WINRM CONNECT: transport=plaintext endpoint=
>> http://192.168.33.12:5985/wsman
>> <192.168.33.12> EXEC /bin/sh -c 'PowerShell -NoProfile -NonInteractive 
>> -ExecutionPolicy Unrestricted -EncodedCommand 
>> UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAoAE4AZQB3AC0ASQB0AGUAbQAgAC0AVAB5AHAAZQAgAEQAaQByAGUAYwB0AG8AcgB5ACAALQBQAGEAdABoACAAJABlAG4AdgA6AHQAZQBtAHAAIAAtAE4AYQBtAGUAIAAiAGEAbgBzAGkAYgBsAGUALQB0AG0AcAAtADEANAA1ADMANAA1ADYANQA2ADYALgA0ADgALQA1ADcAMwAyADgANgAxADgAMgA4ADkANAAiACkALgBGAHUAbABsAE4AYQBtAGUAIAB8ACAAVwByAGkAdABlAC0ASABvAHMAdAAgAC0AUwBlAHAAYQByAGEAdABvAHIAIAAnACcAOwA='
>> <192.168.33.12> WINRM OPEN SHELL: C6B534E7-4F4B-4AEB-B34A-97FE55EB0225
>> <192.168.33.12> WINRM EXEC 'PowerShell' ['-NoProfile', '-NonInteractive', 
>> '-ExecutionPolicy', 'Unrestricted', '-EncodedCommand', 
>> 'LwBiAGkAbgAvAHMAaAAgAC0AYwAgACcAUABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAG8AQQBFADQAQQBaAFEAQgAzAEEAQwAwAEEAUwBRAEIAMABBAEcAVQBBAGIAUQBBAGcAQQBDADAAQQBWAEEAQgA1AEEASABBAEEAWgBRAEEAZwBBAEUAUQBBAGEAUQBCAHkAQQBHAFUAQQBZAHcAQgAwAEEARwA4AEEAYwBnAEIANQBBAEMAQQBBAEwAUQBCAFEAQQBHAEUAQQBkAEEAQgBvAEEAQwBBAEEASgBBAEIAbABBAEcANABBAGQAZwBBADYAQQBIAFEAQQBaAFEAQgB0AEEASABBAEEASQBBAEEAdABBAEUANABBAFkAUQBCAHQAQQBHAFUAQQBJAEEAQQBpAEEARwBFAEEAYgBnAEIAegBBAEcAawBBAFkAZwBCAHMAQQBHAFUAQQBMAFEAQgAwAEEARwAwAEEAYwBBAEEAdABBAEQARQBBAE4AQQBBADEAQQBEAE0AQQBOAEEAQQAxAEEARABZAEEATgBRAEEAMgBBAEQAWQBBAEwAZwBBADAAQQBEAGcAQQBMAFEAQQAxAEEARABjAEEATQB3AEEAeQBBAEQAZwBBAE4AZwBBAHgAQQBEAGcAQQBNAGcAQQA0AEEARABrAEEATgBBAEEAaQBBAEMAawBBAEwAZwBCAEcAQQBIAFUAQQBiAEEAQgBzAEEARQA0AEEAWQBRAEIAdABBAEcAVQBBAEkAQQBCADgAQQBDAEEAQQBWAHcAQgB5AEEARwBrAEEAZABBAEIAbABBAEMAMABBAFMAQQBCAHYAQQBIAE0AQQBkAEEAQQBnAEEAQwAwAEEAVQB3AEIAbABBAEgAQQBBAFkAUQBCAHkAQQBHAEUAQQBkAEEAQgB2AEEASABJAEEASQBBAEEAbgBBAEMAYwBBAE8AdwBBAD0AJwA=']
>> <192.168.33.12> WINRM RESULT u'> CLIXML\r\n'
>> <192.168.33.12> WINRM CLOSE SHELL: C6B534E7-4F4B-4AEB-B34A-97FE55EB0225
>> 192.168.33.12 | UNREACHABLE! => {
>> "changed": false,
>> "msg": "Authentication or permission failure. In some cases, you may 
>> have been able to authenticate and did not have

[ansible-project] Re: Ansible windows kerberos issue

2016-01-22 Thread Joe Levis 
Mayur,

Make sure your Linux Control Machine is bound to the same domain as your 
target Windows VM. After much reading and debugging, I realized my Ubuntu 
server where I was running Ansible was not bound to the Domain.

*Another thing...*
I had to run the kinit command with the below flags on the Control Machine 
to get past the auth failures (according to 
https://github.com/diyan/pywinrm/issues/36#issuecomment-60175388):
kinit -l 7d -r 7d -pAf u...@my.domain.com

*NOTE: I had run the kinit command before, but not with the flags. The 
forwarding flags of kinit is what got me over the hump.*


On Friday, January 22, 2016 at 4:30:09 AM UTC-8, Mayur Barge wrote:
>
> Hi Jon,
>
> Thanks for your inputs 
>
> If I manage windows machine using local administrator account then it 
> works. But for AD account following is the error. I can successfully do 
> kinit with domain user and klist displays appropriate ticket
>
>  ESTABLISH WINRM CONNECTION FOR USER: on PORT 5986 TO 
> win2k8r2-client
>
>  WINRM CONNECT: transport=kerberos endpoint=
> https://win2k8r2-client:5986/wsman
>
> win2k8r2-client | FAILED => Traceback (most recent call last):
>
> File "/usr/lib/python2.7/site-packages/ansible/runner/__init__.py", line 
> 586, in _executor
>
> exec_rc = self._executor_internal(host, new_stdin)
>
> File "/usr/lib/python2.7/site-packages/ansible/runner/__init__.py", line 
> 789, in _executor_internal
>
> return self._executor_internal_inner(host, self.module_name, 
> self.module_args, inject, port, complex_args=complex_args)
>
> File "/usr/lib/python2.7/site-packages/ansible/runner/__init__.py", line 
> 968, in _executor_internal_inner
>
> conn = self.connector.connect(actual_host, actual_port, actual_user, 
> actual_pass, actual_transport, actual_private_key_file, delegate_host)
>
> File "/usr/lib/python2.7/site-packages/ansible/runner/connection.py", line 
> 52, in connect
>
> self.active = conn.connect()
>
> File 
> "/usr/lib/python2.7/site-packages/ansible/runner/connection_plugins/winrm.py",
>  
> line 140, in connect
>
> self.protocol = self._winrm_connect()
>
> File 
> "/usr/lib/python2.7/site-packages/ansible/runner/connection_plugins/winrm.py",
>  
> line 96, in _winrm_connect
>
> protocol.send_message('')
>
> File "/usr/lib/python2.7/site-packages/winrm/protocol.py", line 193, in 
> send_message
>
> return self.transport.send_message(message)
>
> File "/usr/lib/python2.7/site-packages/winrm/transport.py", line 269, in 
> send_message
>
> krb_ticket = KerberosTicket(self.krb_service)
>
> File "/usr/lib/python2.7/site-packages/winrm/transport.py", line 205, in 
> __init__
>
> kerberos.authGSSClientStep(krb_context, '')
>
> GSSError: (('Unspecified GSS failure. Minor code may provide more 
> information', 851968), ('Server not found in Kerberos database', 
> -1765328377))
>
>
>
>
>
>
>
>
>
> On Monday, 18 January 2016 19:39:14 UTC+5:30, J Hawkesworth wrote:
>>
>> Hi Mayur,
>>
>> You usually get that message when kerberos is not configured properly on 
>> your ansible controller.
>>
>> Please ensure you have followed the setup instructions here:
>>
>> http://docs.ansible.com/ansible/intro_windows.html#configuring-kerberos
>>
>> Without this, the ansible controller does cannot connect to your windows 
>> domain, because it is unaware of the network location of your windows 
>> domain controllers.
>>
>> Hope this helps,
>>
>> Jon
>>
>> On Friday, January 15, 2016 at 6:54:39 PM UTC, Mayur Barge wrote:
>>>
>>> Hi I'm facing below issue while connecting to windows machine using AD 
>>> accounts 
>>>
>>>
>>> File "/usr/lib/python2.7/site-packages/ansible/runner/__init__.py", line 
>>> 586, in _executor
>>> exec_rc = self._executor_internal(host, new_stdin)
>>>   File "/usr/lib/python2.7/site-packages/ansible/runner/__init__.py", 
>>> line 789, in _executor_internal
>>> return self._executor_internal_inner(host, self.module_name, 
>>> self.module_args, inject, port, complex_args=complex_args)
>>>   File "/usr/lib/python2.7/site-packages/ansible/runner/__init__.py", 
>>> line 968, in _executor_internal_inner
>>> conn = self.connector.connect(actual_host, actual_port, actual_user, 
>>> actual_pass, actual_transport, actual_private_key_file, delegate_host)
>>>   File "/usr/lib/python2.7/site-packages/ansible/runner/connection.py", 
>>> line 52, in connect
>>> self.active = conn.connect()
>>>   File 
>>> "/usr/lib/python2.7/site-packages/ansible/runner/connection_plugins/winrm.py",
>>>  
>>> line 140, in connect
>>> self.protocol = self._winrm_connect()
>>>   File 
>>> "/usr/lib/python2.7/site-packages/ansible/runner/connection_plugins/winrm.py",
>>>  
>>> line 96, in _winrm_connect
>>> protocol.send_message('')
>>>   File "/usr/lib/python2.7/site-packages/winrm/protocol.py", line 193, 
>>> in send_message
>>> return self.transport.send_message(message)
>>>   File "/usr/lib/python2.7/site-packages/winrm/transport.py", line 269, 
>>> in send_message
>>> krb_ticket =

[ansible-project] Re: Ansible Windows Winrm Authentication or permission failure.

2016-01-22 Thread Joe Levis 
Hi Dan,

I ran into a lot of issues when trying to get Ansible to connect to my 
remote Windows Server 2012 R2 VM. I finally got it working - maybe my 
solutions will help you.

*A couple questions:*

   1. Did you set up your Ansible Control Machine following the official 
   documentation to a tee (
   http://docs.ansible.com/ansible/intro_windows.html)?
   2. Have you run the remote setup PS1 script on the target server (
   
https://github.com/ansible/ansible/blob/devel/examples/scripts/ConfigureRemotingForAnsible.ps1
   )?
   

On Friday, January 22, 2016 at 9:00:30 AM UTC-8, Dan Gibbons wrote:
>
> Hi,
>
> I'm doing a POC with Ansible and Puppet but currently I can't even get 
> Ansible to talk to Windows using WinRM.  Here is my setup in Vagrant:
>
> Control server
> Centos 7.1 with all the right extras installed (pywinrm etc)
>
> group_vars/windows.yml
> ansible_user: vagrant
> ansible_password: vagrant
> ansible_port: 5985
> ansible_connection: winrm
> ansible_winrm_server_cert_validation: ignore
>
> Windows 2012 R2
> - Powershell winrm is pretty much open in terms of config (basic auth, 
> allow unencypted)
>
>
> I've tested winrm connections from the ansible server using the following 
> python script:
> import winrm
>
> import winrm
>
> s = winrm.Session('http://192.168.33.12:5985/wsman', auth=('user', 
> 'password'))
> r = s.run_cmd('ipconfig', ['/all'])
> print r.status_code
> print r.std_out
> print r.std_err
>
> This works successfully and my host Windows desktop can winrm to the 
> target server as well.
>
> But Ansible just will not work always giving me the following error:
>
> [root@ansible ansible]# ansible windows -m win_ping -v
> Using /ansible/ansible.cfg as config file
> Loaded callback minimal of type stdout, v2.0
> <192.168.33.12> ESTABLISH WINRM CONNECTION FOR USER: vagrant on PORT 5985 
> TO 192.168.33.12
> <192.168.33.12> WINRM CONNECT: transport=plaintext endpoint=
> http://192.168.33.12:5985/wsman
> <192.168.33.12> EXEC /bin/sh -c 'PowerShell -NoProfile -NonInteractive 
> -ExecutionPolicy Unrestricted -EncodedCommand 
> UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAoAE4AZQB3AC0ASQB0AGUAbQAgAC0AVAB5AHAAZQAgAEQAaQByAGUAYwB0AG8AcgB5ACAALQBQAGEAdABoACAAJABlAG4AdgA6AHQAZQBtAHAAIAAtAE4AYQBtAGUAIAAiAGEAbgBzAGkAYgBsAGUALQB0AG0AcAAtADEANAA1ADMANAA1ADYANQA2ADYALgA0ADgALQA1ADcAMwAyADgANgAxADgAMgA4ADkANAAiACkALgBGAHUAbABsAE4AYQBtAGUAIAB8ACAAVwByAGkAdABlAC0ASABvAHMAdAAgAC0AUwBlAHAAYQByAGEAdABvAHIAIAAnACcAOwA='
> <192.168.33.12> WINRM OPEN SHELL: C6B534E7-4F4B-4AEB-B34A-97FE55EB0225
> <192.168.33.12> WINRM EXEC 'PowerShell' ['-NoProfile', '-NonInteractive', 
> '-ExecutionPolicy', 'Unrestricted', '-EncodedCommand', 
> 'LwBiAGkAbgAvAHMAaAAgAC0AYwAgACcAUABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAG8AQQBFADQAQQBaAFEAQgAzAEEAQwAwAEEAUwBRAEIAMABBAEcAVQBBAGIAUQBBAGcAQQBDADAAQQBWAEEAQgA1AEEASABBAEEAWgBRAEEAZwBBAEUAUQBBAGEAUQBCAHkAQQBHAFUAQQBZAHcAQgAwAEEARwA4AEEAYwBnAEIANQBBAEMAQQBBAEwAUQBCAFEAQQBHAEUAQQBkAEEAQgBvAEEAQwBBAEEASgBBAEIAbABBAEcANABBAGQAZwBBADYAQQBIAFEAQQBaAFEAQgB0AEEASABBAEEASQBBAEEAdABBAEUANABBAFkAUQBCAHQAQQBHAFUAQQBJAEEAQQBpAEEARwBFAEEAYgBnAEIAegBBAEcAawBBAFkAZwBCAHMAQQBHAFUAQQBMAFEAQgAwAEEARwAwAEEAYwBBAEEAdABBAEQARQBBAE4AQQBBADEAQQBEAE0AQQBOAEEAQQAxAEEARABZAEEATgBRAEEAMgBBAEQAWQBBAEwAZwBBADAAQQBEAGcAQQBMAFEAQQAxAEEARABjAEEATQB3AEEAeQBBAEQAZwBBAE4AZwBBAHgAQQBEAGcAQQBNAGcAQQA0AEEARABrAEEATgBBAEEAaQBBAEMAawBBAEwAZwBCAEcAQQBIAFUAQQBiAEEAQgBzAEEARQA0AEEAWQBRAEIAdABBAEcAVQBBAEkAQQBCADgAQQBDAEEAQQBWAHcAQgB5AEEARwBrAEEAZABBAEIAbABBAEMAMABBAFMAQQBCAHYAQQBIAE0AQQBkAEEAQQBnAEEAQwAwAEEAVQB3AEIAbABBAEgAQQBBAFkAUQBCAHkAQQBHAEUAQQBkAEEAQgB2AEEASABJAEEASQBBAEEAbgBBAEMAYwBBAE8AdwBBAD0AJwA=']
> <192.168.33.12> WINRM RESULT u' CLIXML\r\n'
> <192.168.33.12> WINRM CLOSE SHELL: C6B534E7-4F4B-4AEB-B34A-97FE55EB0225
> 192.168.33.12 | UNREACHABLE! => {
> "changed": false,
> "msg": "Authentication or permission failure. In some cases, you may 
> have been able to authenticate and did not have permissions on the remote 
> directory. Consider changing the remote temp path in ansible.cfg to a path 
> rooted in \"/tmp\". Failed command was: PowerShell -NoProfile 
> -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand 
>

[ansible-project] Re: Ansible windows kerberos issue

2016-01-22 Thread Mayur Barge 
Hi Jon,

Thanks for your inputs 

If I manage windows machine using local administrator account then it 
works. But for AD account following is the error. I can successfully do 
kinit with domain user and klist displays appropriate ticket

 ESTABLISH WINRM CONNECTION FOR USER: on PORT 5986 TO 
win2k8r2-client

 WINRM CONNECT: transport=kerberos 
endpoint=https://win2k8r2-client:5986/wsman

win2k8r2-client | FAILED => Traceback (most recent call last):

File "/usr/lib/python2.7/site-packages/ansible/runner/__init__.py", line 
586, in _executor

exec_rc = self._executor_internal(host, new_stdin)

File "/usr/lib/python2.7/site-packages/ansible/runner/__init__.py", line 
789, in _executor_internal

return self._executor_internal_inner(host, self.module_name, 
self.module_args, inject, port, complex_args=complex_args)

File "/usr/lib/python2.7/site-packages/ansible/runner/__init__.py", line 
968, in _executor_internal_inner

conn = self.connector.connect(actual_host, actual_port, actual_user, 
actual_pass, actual_transport, actual_private_key_file, delegate_host)

File "/usr/lib/python2.7/site-packages/ansible/runner/connection.py", line 
52, in connect

self.active = conn.connect()

File 
"/usr/lib/python2.7/site-packages/ansible/runner/connection_plugins/winrm.py", 
line 140, in connect

self.protocol = self._winrm_connect()

File 
"/usr/lib/python2.7/site-packages/ansible/runner/connection_plugins/winrm.py", 
line 96, in _winrm_connect

protocol.send_message('')

File "/usr/lib/python2.7/site-packages/winrm/protocol.py", line 193, in 
send_message

return self.transport.send_message(message)

File "/usr/lib/python2.7/site-packages/winrm/transport.py", line 269, in 
send_message

krb_ticket = KerberosTicket(self.krb_service)

File "/usr/lib/python2.7/site-packages/winrm/transport.py", line 205, in 
__init__

kerberos.authGSSClientStep(krb_context, '')

GSSError: (('Unspecified GSS failure. Minor code may provide more 
information', 851968), ('Server not found in Kerberos database', 
-1765328377))









On Monday, 18 January 2016 19:39:14 UTC+5:30, J Hawkesworth wrote:
>
> Hi Mayur,
>
> You usually get that message when kerberos is not configured properly on 
> your ansible controller.
>
> Please ensure you have followed the setup instructions here:
>
> http://docs.ansible.com/ansible/intro_windows.html#configuring-kerberos
>
> Without this, the ansible controller does cannot connect to your windows 
> domain, because it is unaware of the network location of your windows 
> domain controllers.
>
> Hope this helps,
>
> Jon
>
> On Friday, January 15, 2016 at 6:54:39 PM UTC, Mayur Barge wrote:
>>
>> Hi I'm facing below issue while connecting to windows machine using AD 
>> accounts 
>>
>>
>> File "/usr/lib/python2.7/site-packages/ansible/runner/__init__.py", line 
>> 586, in _executor
>> exec_rc = self._executor_internal(host, new_stdin)
>>   File "/usr/lib/python2.7/site-packages/ansible/runner/__init__.py", 
>> line 789, in _executor_internal
>> return self._executor_internal_inner(host, self.module_name, 
>> self.module_args, inject, port, complex_args=complex_args)
>>   File "/usr/lib/python2.7/site-packages/ansible/runner/__init__.py", 
>> line 968, in _executor_internal_inner
>> conn = self.connector.connect(actual_host, actual_port, actual_user, 
>> actual_pass, actual_transport, actual_private_key_file, delegate_host)
>>   File "/usr/lib/python2.7/site-packages/ansible/runner/connection.py", 
>> line 52, in connect
>> self.active = conn.connect()
>>   File 
>> "/usr/lib/python2.7/site-packages/ansible/runner/connection_plugins/winrm.py",
>>  
>> line 140, in connect
>> self.protocol = self._winrm_connect()
>>   File 
>> "/usr/lib/python2.7/site-packages/ansible/runner/connection_plugins/winrm.py",
>>  
>> line 96, in _winrm_connect
>> protocol.send_message('')
>>   File "/usr/lib/python2.7/site-packages/winrm/protocol.py", line 193, in 
>> send_message
>> return self.transport.send_message(message)
>>   File "/usr/lib/python2.7/site-packages/winrm/transport.py", line 269, 
>> in send_message
>> krb_ticket = KerberosTicket(self.krb_service)
>>   File "/usr/lib/python2.7/site-packages/winrm/transport.py", line 205, 
>> in __init__
>> kerberos.authGSSClientStep(krb_context, '')
>> GSSError: (('Unspecified GSS failure.  Minor code may provide more 
>> information', 851968), ('Server not found in Kerberos database', 
>> -1765328377))
>>
>>
>> Please help
>>
>> Thanks,
>> Mayur
>>
>>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/6713a2cb-d9cb-4791-b5fc-2870ad98a990%40googlegroups.com.
For more options, visit

[ansible-project] Re: Ansible windows kerberos issue

2016-01-18 Thread J Hawkesworth 
Hi Mayur,

You usually get that message when kerberos is not configured properly on 
your ansible controller.

Please ensure you have followed the setup instructions here:

http://docs.ansible.com/ansible/intro_windows.html#configuring-kerberos

Without this, the ansible controller does cannot connect to your windows 
domain, because it is unaware of the network location of your windows 
domain controllers.

Hope this helps,

Jon

On Friday, January 15, 2016 at 6:54:39 PM UTC, Mayur Barge wrote:
>
> Hi I'm facing below issue while connecting to windows machine using AD 
> accounts 
>
>
> File "/usr/lib/python2.7/site-packages/ansible/runner/__init__.py", line 
> 586, in _executor
> exec_rc = self._executor_internal(host, new_stdin)
>   File "/usr/lib/python2.7/site-packages/ansible/runner/__init__.py", line 
> 789, in _executor_internal
> return self._executor_internal_inner(host, self.module_name, 
> self.module_args, inject, port, complex_args=complex_args)
>   File "/usr/lib/python2.7/site-packages/ansible/runner/__init__.py", line 
> 968, in _executor_internal_inner
> conn = self.connector.connect(actual_host, actual_port, actual_user, 
> actual_pass, actual_transport, actual_private_key_file, delegate_host)
>   File "/usr/lib/python2.7/site-packages/ansible/runner/connection.py", 
> line 52, in connect
> self.active = conn.connect()
>   File 
> "/usr/lib/python2.7/site-packages/ansible/runner/connection_plugins/winrm.py",
>  
> line 140, in connect
> self.protocol = self._winrm_connect()
>   File 
> "/usr/lib/python2.7/site-packages/ansible/runner/connection_plugins/winrm.py",
>  
> line 96, in _winrm_connect
> protocol.send_message('')
>   File "/usr/lib/python2.7/site-packages/winrm/protocol.py", line 193, in 
> send_message
> return self.transport.send_message(message)
>   File "/usr/lib/python2.7/site-packages/winrm/transport.py", line 269, in 
> send_message
> krb_ticket = KerberosTicket(self.krb_service)
>   File "/usr/lib/python2.7/site-packages/winrm/transport.py", line 205, in 
> __init__
> kerberos.authGSSClientStep(krb_context, '')
> GSSError: (('Unspecified GSS failure.  Minor code may provide more 
> information', 851968), ('Server not found in Kerberos database', 
> -1765328377))
>
>
> Please help
>
> Thanks,
> Mayur
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/102e25aa-e4c7-4314-9856-47197f9906fe%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Ansible Windows

2014-12-04 Thread J Hawkesworth 
Yes, there is a thread on the Ansible Development list detailing progress on 
this. 

-- 
You received this message because you are subscribed to the Google Groups 
Ansible Project group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/0d6d6753-b481-4591-9ee4-3ef96296e765%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Ansible Windows

2014-12-03 Thread Geoff Webster 
Are there plans on supporting the kerbros authentication so this works in 
domain environments?

On Friday, October 17, 2014 11:02:06 AM UTC-4, Bryan Cochrane wrote:

 I am trying to setup windows remoting for ansible.

 I have Ansible version 1.7.2, ee-bryan is Windows 8.1, ee-csg is Windows 
 Server 2012. Both have Powershell 4.

 under /etc/ansible I have created hosts as
 [windows]
 ee-bryan
 ee-csg

 and I have created /etc/ansible/group_vars/windows.yml with

 #It is suggested that these be encrypted with ansible-vault:
 # ansible-vault edit group_vars/windows.yml
 #
  ansible_ssh_user: Administrator
  ansible_ssh_pass: password
  ansible_ssh_port: 5986
  ansible_connection: winrm

 but on testing I get 

 # ansible windows -m win_ping
 ee-csg.ee.ic.ac.uk | FAILED = Traceback (most recent call last):
   File /usr/lib/python2.7/site-packages/ansible/runner/__init__.py, line 
 561, in _executor
 exec_rc = self._executor_internal(host, new_stdin)
   File /usr/lib/python2.7/site-packages/ansible/runner/__init__.py, line 
 666, in _executor_internal
 return self._executor_internal_inner(host, self.module_name, 
 self.module_args, inject, port, complex_args=complex_args)
   File /usr/lib/python2.7/site-packages/ansible/runner/__init__.py, line 
 837, in _executor_internal_inner
 conn = self.connector.connect(actual_host, actual_port, actual_user, 
 actual_pass, actual_transport, actual_private_key_file)
   File /usr/lib/python2.7/site-packages/ansible/runner/connection.py, 
 line 34, in connect
 self.active = conn.connect()
   File 
 /usr/lib/python2.7/site-packages/ansible/runner/connection_plugins/winrm.py,
  
 line 132, in connect
 self.protocol = self._winrm_connect()
   File 
 /usr/lib/python2.7/site-packages/ansible/runner/connection_plugins/winrm.py,
  
 line 90, in _winrm_connect
 err_msg = str(exc.args[0])
 IndexError: tuple index out of range

 ee-bryan.ee.ic.ac.uk | FAILED = Traceback (most recent call last):
   File /usr/lib/python2.7/site-packages/ansible/runner/__init__.py, line 
 561, in _executor
 exec_rc = self._executor_internal(host, new_stdin)
   File /usr/lib/python2.7/site-packages/ansible/runner/__init__.py, line 
 666, in _executor_internal
 return self._executor_internal_inner(host, self.module_name, 
 self.module_args, inject, port, complex_args=complex_args)
   File /usr/lib/python2.7/site-packages/ansible/runner/__init__.py, line 
 837, in _executor_internal_inner
 conn = self.connector.connect(actual_host, actual_port, actual_user, 
 actual_pass, actual_transport, actual_private_key_file)
   File /usr/lib/python2.7/site-packages/ansible/runner/connection.py, 
 line 34, in connect
 self.active = conn.connect()
   File 
 /usr/lib/python2.7/site-packages/ansible/runner/connection_plugins/winrm.py,
  
 line 132, in connect
 self.protocol = self._winrm_connect()
   File 
 /usr/lib/python2.7/site-packages/ansible/runner/connection_plugins/winrm.py,
  
 line 90, in _winrm_connect
 err_msg = str(exc.args[0])
 IndexError: tuple index out of range



-- 
You received this message because you are subscribed to the Google Groups 
Ansible Project group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/91dbfa13-8110-475b-853b-d44b2b2058f6%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Re: Ansible Windows

2014-11-20 Thread Peter Daly-Dickson 
I get exactly the same...

*☿* |staging:e38026ddcaae ✗| → ansible -i ./provisioning/hosts windows -m 
win_ping

54.67.74.52 | FAILED = Traceback (most recent call last):

  File 
/usr/local/lib/python2.7/site-packages/ansible-1.7.2-py2.7.egg/ansible/runner/__init__.py,
 
line 561, in _executor

exec_rc = self._executor_internal(host, new_stdin)

  File 
/usr/local/lib/python2.7/site-packages/ansible-1.7.2-py2.7.egg/ansible/runner/__init__.py,
 
line 666, in _executor_internal

return self._executor_internal_inner(host, self.module_name, 
self.module_args, inject, port, complex_args=complex_args)

  File 
/usr/local/lib/python2.7/site-packages/ansible-1.7.2-py2.7.egg/ansible/runner/__init__.py,
 
line 837, in _executor_internal_inner

conn = self.connector.connect(actual_host, actual_port, actual_user, 
actual_pass, actual_transport, actual_private_key_file)

  File 
/usr/local/lib/python2.7/site-packages/ansible-1.7.2-py2.7.egg/ansible/runner/connection.py,
 
line 34, in connect

self.active = conn.connect()

  File 
/usr/local/lib/python2.7/site-packages/ansible-1.7.2-py2.7.egg/ansible/runner/connection_plugins/winrm.py,
 
line 132, in connect

self.protocol = self._winrm_connect()

  File 
/usr/local/lib/python2.7/site-packages/ansible-1.7.2-py2.7.egg/ansible/runner/connection_plugins/winrm.py,
 
line 90, in _winrm_connect

err_msg = str(exc.args[0])

IndexError: tuple index out of range

I installed ansible on my Macbook Pro via homebrew. What's the 
best/quickest/easiest way to get the fix for this?

Thanks.

P.

On Saturday, 25 October 2014 20:47:20 UTC+1, Chris Church wrote:

 That IndexError has been fixed in ansible devel.  It's not really a 
 pywinrm issue, but an ansible issue in trying to handle the HTTPError from 
 pywinrm.

 It happens when the HTTPError from urllib2 isn't a file-like object 
 (despite what the docs say in 
 https://docs.python.org/2/library/urllib2.html#urllib2.HTTPError).


 On Mon, Oct 20, 2014 at 4:58 PM, Michael DeHaan mic...@ansible.com 
 javascript: wrote:

 This is probably a good error to file upstream with winrm, such that on 
 this error it can present something better to the user.

 We could catch it, but an IndexError is the wrong sort of exception to be 
 catching here.



 On Sun, Oct 19, 2014 at 2:44 PM, Trond Hindenes tr...@hindenes.com 
 javascript: wrote:

 Have you prepared your Windows nodes as per documentation? Basically, 
 yuu need to enable WinRM connections over HTTPS, and enable Baisc auth for 
 your WinRm endpoint. Look at the documentation, there's a script that will 
 do those things for you. I've uploaded a newer version of that script here: 
 https://gist.github.com/trondhindenes/2cd162d4b17c2c28ec40

 _Trond


 On Friday, October 17, 2014 5:02:06 PM UTC+2, Bryan Cochrane wrote:

 I am trying to setup windows remoting for ansible.

 I have Ansible version 1.7.2, ee-bryan is Windows 8.1, ee-csg is 
 Windows Server 2012. Both have Powershell 4.

 under /etc/ansible I have created hosts as
 [windows]
 ee-bryan
 ee-csg

 and I have created /etc/ansible/group_vars/windows.yml with

 #It is suggested that these be encrypted with ansible-vault:
 # ansible-vault edit group_vars/windows.yml
 #
  ansible_ssh_user: Administrator
  ansible_ssh_pass: password
  ansible_ssh_port: 5986
  ansible_connection: winrm

 but on testing I get 

 # ansible windows -m win_ping
 ee-csg.ee.ic.ac.uk | FAILED = Traceback (most recent call last):
   File /usr/lib/python2.7/site-packages/ansible/runner/__init__.py, 
 line 561, in _executor
 exec_rc = self._executor_internal(host, new_stdin)
   File /usr/lib/python2.7/site-packages/ansible/runner/__init__.py, 
 line 666, in _executor_internal
 return self._executor_internal_inner(host, self.module_name, 
 self.module_args, inject, port, complex_args=complex_args)
   File /usr/lib/python2.7/site-packages/ansible/runner/__init__.py, 
 line 837, in _executor_internal_inner
 conn = self.connector.connect(actual_host, actual_port, 
 actual_user, actual_pass, actual_transport, actual_private_key_file)
   File /usr/lib/python2.7/site-packages/ansible/runner/connection.py, 
 line 34, in connect
 self.active = conn.connect()
   File 
 /usr/lib/python2.7/site-packages/ansible/runner/connection_plugins/winrm.py,
  
 line 132, in connect
 self.protocol = self._winrm_connect()
   File 
 /usr/lib/python2.7/site-packages/ansible/runner/connection_plugins/winrm.py,
  
 line 90, in _winrm_connect
 err_msg = str(exc.args[0])
 IndexError: tuple index out of range

 ee-bryan.ee.ic.ac.uk | FAILED = Traceback (most recent call last):
   File /usr/lib/python2.7/site-packages/ansible/runner/__init__.py, 
 line 561, in _executor
 exec_rc = self._executor_internal(host, new_stdin)
   File /usr/lib/python2.7/site-packages/ansible/runner/__init__.py, 
 line 666, in _executor_internal
 return self._executor_internal_inner(host, self.module_name, 
 self.module_args, inject, port,

Re: [ansible-project] Re: Ansible Windows

2014-11-20 Thread Peter Daly-Dickson 
I installed ansible from source, and it now works a treat!

*☿* |staging:e38026ddcaae ✗| → ansible -i ./provisioning/hosts production 
-m win_ping

54.67.74.52 | success  {

changed: false, 

ping: pong

}


Thanks for ansible, and for great resources to fix issues.

cheers

P.

On Saturday, 25 October 2014 20:47:20 UTC+1, Chris Church wrote:

 That IndexError has been fixed in ansible devel.  It's not really a 
 pywinrm issue, but an ansible issue in trying to handle the HTTPError from 
 pywinrm.

 It happens when the HTTPError from urllib2 isn't a file-like object 
 (despite what the docs say in 
 https://docs.python.org/2/library/urllib2.html#urllib2.HTTPError).


 On Mon, Oct 20, 2014 at 4:58 PM, Michael DeHaan mic...@ansible.com 
 javascript: wrote:

 This is probably a good error to file upstream with winrm, such that on 
 this error it can present something better to the user.

 We could catch it, but an IndexError is the wrong sort of exception to be 
 catching here.



 On Sun, Oct 19, 2014 at 2:44 PM, Trond Hindenes tr...@hindenes.com 
 javascript: wrote:

 Have you prepared your Windows nodes as per documentation? Basically, 
 yuu need to enable WinRM connections over HTTPS, and enable Baisc auth for 
 your WinRm endpoint. Look at the documentation, there's a script that will 
 do those things for you. I've uploaded a newer version of that script here: 
 https://gist.github.com/trondhindenes/2cd162d4b17c2c28ec40

 _Trond


 On Friday, October 17, 2014 5:02:06 PM UTC+2, Bryan Cochrane wrote:

 I am trying to setup windows remoting for ansible.

 I have Ansible version 1.7.2, ee-bryan is Windows 8.1, ee-csg is 
 Windows Server 2012. Both have Powershell 4.

 under /etc/ansible I have created hosts as
 [windows]
 ee-bryan
 ee-csg

 and I have created /etc/ansible/group_vars/windows.yml with

 #It is suggested that these be encrypted with ansible-vault:
 # ansible-vault edit group_vars/windows.yml
 #
  ansible_ssh_user: Administrator
  ansible_ssh_pass: password
  ansible_ssh_port: 5986
  ansible_connection: winrm

 but on testing I get 

 # ansible windows -m win_ping
 ee-csg.ee.ic.ac.uk | FAILED = Traceback (most recent call last):
   File /usr/lib/python2.7/site-packages/ansible/runner/__init__.py, 
 line 561, in _executor
 exec_rc = self._executor_internal(host, new_stdin)
   File /usr/lib/python2.7/site-packages/ansible/runner/__init__.py, 
 line 666, in _executor_internal
 return self._executor_internal_inner(host, self.module_name, 
 self.module_args, inject, port, complex_args=complex_args)
   File /usr/lib/python2.7/site-packages/ansible/runner/__init__.py, 
 line 837, in _executor_internal_inner
 conn = self.connector.connect(actual_host, actual_port, 
 actual_user, actual_pass, actual_transport, actual_private_key_file)
   File /usr/lib/python2.7/site-packages/ansible/runner/connection.py, 
 line 34, in connect
 self.active = conn.connect()
   File 
 /usr/lib/python2.7/site-packages/ansible/runner/connection_plugins/winrm.py,
  
 line 132, in connect
 self.protocol = self._winrm_connect()
   File 
 /usr/lib/python2.7/site-packages/ansible/runner/connection_plugins/winrm.py,
  
 line 90, in _winrm_connect
 err_msg = str(exc.args[0])
 IndexError: tuple index out of range

 ee-bryan.ee.ic.ac.uk | FAILED = Traceback (most recent call last):
   File /usr/lib/python2.7/site-packages/ansible/runner/__init__.py, 
 line 561, in _executor
 exec_rc = self._executor_internal(host, new_stdin)
   File /usr/lib/python2.7/site-packages/ansible/runner/__init__.py, 
 line 666, in _executor_internal
 return self._executor_internal_inner(host, self.module_name, 
 self.module_args, inject, port, complex_args=complex_args)
   File /usr/lib/python2.7/site-packages/ansible/runner/__init__.py, 
 line 837, in _executor_internal_inner
 conn = self.connector.connect(actual_host, actual_port, 
 actual_user, actual_pass, actual_transport, actual_private_key_file)
   File /usr/lib/python2.7/site-packages/ansible/runner/connection.py, 
 line 34, in connect
 self.active = conn.connect()
   File 
 /usr/lib/python2.7/site-packages/ansible/runner/connection_plugins/winrm.py,
  
 line 132, in connect
 self.protocol = self._winrm_connect()
   File 
 /usr/lib/python2.7/site-packages/ansible/runner/connection_plugins/winrm.py,
  
 line 90, in _winrm_connect
 err_msg = str(exc.args[0])
 IndexError: tuple index out of range

  -- 
 You received this message because you are subscribed to the Google 
 Groups Ansible Project group.
 To unsubscribe from this group and stop receiving emails from it, send 
 an email to ansible-proje...@googlegroups.com javascript:.
 To post to this group, send email to ansible...@googlegroups.com 
 javascript:.
 To view this discussion on the web visit 
 https://groups.google.com/d/msgid/ansible-project/5a2d00b4-3009-4912-abe9-28c9764dc9f8%40googlegroups.com

Re: [ansible-project] Re: Ansible Windows

2014-10-25 Thread Chris Church 
That IndexError has been fixed in ansible devel.  It's not really a pywinrm
issue, but an ansible issue in trying to handle the HTTPError from pywinrm.

It happens when the HTTPError from urllib2 isn't a file-like object
(despite what the docs say in
https://docs.python.org/2/library/urllib2.html#urllib2.HTTPError).


On Mon, Oct 20, 2014 at 4:58 PM, Michael DeHaan mich...@ansible.com wrote:

 This is probably a good error to file upstream with winrm, such that on
 this error it can present something better to the user.

 We could catch it, but an IndexError is the wrong sort of exception to be
 catching here.



 On Sun, Oct 19, 2014 at 2:44 PM, Trond Hindenes tr...@hindenes.com
 wrote:

 Have you prepared your Windows nodes as per documentation? Basically, yuu
 need to enable WinRM connections over HTTPS, and enable Baisc auth for your
 WinRm endpoint. Look at the documentation, there's a script that will do
 those things for you. I've uploaded a newer version of that script here:
 https://gist.github.com/trondhindenes/2cd162d4b17c2c28ec40

 _Trond


 On Friday, October 17, 2014 5:02:06 PM UTC+2, Bryan Cochrane wrote:

 I am trying to setup windows remoting for ansible.

 I have Ansible version 1.7.2, ee-bryan is Windows 8.1, ee-csg is Windows
 Server 2012. Both have Powershell 4.

 under /etc/ansible I have created hosts as
 [windows]
 ee-bryan
 ee-csg

 and I have created /etc/ansible/group_vars/windows.yml with

 #It is suggested that these be encrypted with ansible-vault:
 # ansible-vault edit group_vars/windows.yml
 #
  ansible_ssh_user: Administrator
  ansible_ssh_pass: password
  ansible_ssh_port: 5986
  ansible_connection: winrm

 but on testing I get

 # ansible windows -m win_ping
 ee-csg.ee.ic.ac.uk | FAILED = Traceback (most recent call last):
   File /usr/lib/python2.7/site-packages/ansible/runner/__init__.py,
 line 561, in _executor
 exec_rc = self._executor_internal(host, new_stdin)
   File /usr/lib/python2.7/site-packages/ansible/runner/__init__.py,
 line 666, in _executor_internal
 return self._executor_internal_inner(host, self.module_name,
 self.module_args, inject, port, complex_args=complex_args)
   File /usr/lib/python2.7/site-packages/ansible/runner/__init__.py,
 line 837, in _executor_internal_inner
 conn = self.connector.connect(actual_host, actual_port,
 actual_user, actual_pass, actual_transport, actual_private_key_file)
   File /usr/lib/python2.7/site-packages/ansible/runner/connection.py,
 line 34, in connect
 self.active = conn.connect()
   File 
 /usr/lib/python2.7/site-packages/ansible/runner/connection_plugins/winrm.py,
 line 132, in connect
 self.protocol = self._winrm_connect()
   File 
 /usr/lib/python2.7/site-packages/ansible/runner/connection_plugins/winrm.py,
 line 90, in _winrm_connect
 err_msg = str(exc.args[0])
 IndexError: tuple index out of range

 ee-bryan.ee.ic.ac.uk | FAILED = Traceback (most recent call last):
   File /usr/lib/python2.7/site-packages/ansible/runner/__init__.py,
 line 561, in _executor
 exec_rc = self._executor_internal(host, new_stdin)
   File /usr/lib/python2.7/site-packages/ansible/runner/__init__.py,
 line 666, in _executor_internal
 return self._executor_internal_inner(host, self.module_name,
 self.module_args, inject, port, complex_args=complex_args)
   File /usr/lib/python2.7/site-packages/ansible/runner/__init__.py,
 line 837, in _executor_internal_inner
 conn = self.connector.connect(actual_host, actual_port,
 actual_user, actual_pass, actual_transport, actual_private_key_file)
   File /usr/lib/python2.7/site-packages/ansible/runner/connection.py,
 line 34, in connect
 self.active = conn.connect()
   File 
 /usr/lib/python2.7/site-packages/ansible/runner/connection_plugins/winrm.py,
 line 132, in connect
 self.protocol = self._winrm_connect()
   File 
 /usr/lib/python2.7/site-packages/ansible/runner/connection_plugins/winrm.py,
 line 90, in _winrm_connect
 err_msg = str(exc.args[0])
 IndexError: tuple index out of range

  --
 You received this message because you are subscribed to the Google Groups
 Ansible Project group.
 To unsubscribe from this group and stop receiving emails from it, send an
 email to ansible-project+unsubscr...@googlegroups.com.
 To post to this group, send email to ansible-project@googlegroups.com.
 To view this discussion on the web visit
 https://groups.google.com/d/msgid/ansible-project/5a2d00b4-3009-4912-abe9-28c9764dc9f8%40googlegroups.com
 https://groups.google.com/d/msgid/ansible-project/5a2d00b4-3009-4912-abe9-28c9764dc9f8%40googlegroups.com?utm_medium=emailutm_source=footer
 .

 For more options, visit https://groups.google.com/d/optout.


  --
 You received this message because you are subscribed to the Google Groups
 Ansible Project group.
 To unsubscribe from this group and stop receiving emails from it, send an
 email to ansible-project+unsubscr...@googlegroups.com.
 To post to this group, send email to ansible-project@googlegroups.com.
 To view

Re: [ansible-project] Re: Ansible Windows

2014-10-20 Thread Michael DeHaan 
This is probably a good error to file upstream with winrm, such that on
this error it can present something better to the user.

We could catch it, but an IndexError is the wrong sort of exception to be
catching here.



On Sun, Oct 19, 2014 at 2:44 PM, Trond Hindenes tr...@hindenes.com wrote:

 Have you prepared your Windows nodes as per documentation? Basically, yuu
 need to enable WinRM connections over HTTPS, and enable Baisc auth for your
 WinRm endpoint. Look at the documentation, there's a script that will do
 those things for you. I've uploaded a newer version of that script here:
 https://gist.github.com/trondhindenes/2cd162d4b17c2c28ec40

 _Trond


 On Friday, October 17, 2014 5:02:06 PM UTC+2, Bryan Cochrane wrote:

 I am trying to setup windows remoting for ansible.

 I have Ansible version 1.7.2, ee-bryan is Windows 8.1, ee-csg is Windows
 Server 2012. Both have Powershell 4.

 under /etc/ansible I have created hosts as
 [windows]
 ee-bryan
 ee-csg

 and I have created /etc/ansible/group_vars/windows.yml with

 #It is suggested that these be encrypted with ansible-vault:
 # ansible-vault edit group_vars/windows.yml
 #
  ansible_ssh_user: Administrator
  ansible_ssh_pass: password
  ansible_ssh_port: 5986
  ansible_connection: winrm

 but on testing I get

 # ansible windows -m win_ping
 ee-csg.ee.ic.ac.uk | FAILED = Traceback (most recent call last):
   File /usr/lib/python2.7/site-packages/ansible/runner/__init__.py,
 line 561, in _executor
 exec_rc = self._executor_internal(host, new_stdin)
   File /usr/lib/python2.7/site-packages/ansible/runner/__init__.py,
 line 666, in _executor_internal
 return self._executor_internal_inner(host, self.module_name,
 self.module_args, inject, port, complex_args=complex_args)
   File /usr/lib/python2.7/site-packages/ansible/runner/__init__.py,
 line 837, in _executor_internal_inner
 conn = self.connector.connect(actual_host, actual_port, actual_user,
 actual_pass, actual_transport, actual_private_key_file)
   File /usr/lib/python2.7/site-packages/ansible/runner/connection.py,
 line 34, in connect
 self.active = conn.connect()
   File 
 /usr/lib/python2.7/site-packages/ansible/runner/connection_plugins/winrm.py,
 line 132, in connect
 self.protocol = self._winrm_connect()
   File 
 /usr/lib/python2.7/site-packages/ansible/runner/connection_plugins/winrm.py,
 line 90, in _winrm_connect
 err_msg = str(exc.args[0])
 IndexError: tuple index out of range

 ee-bryan.ee.ic.ac.uk | FAILED = Traceback (most recent call last):
   File /usr/lib/python2.7/site-packages/ansible/runner/__init__.py,
 line 561, in _executor
 exec_rc = self._executor_internal(host, new_stdin)
   File /usr/lib/python2.7/site-packages/ansible/runner/__init__.py,
 line 666, in _executor_internal
 return self._executor_internal_inner(host, self.module_name,
 self.module_args, inject, port, complex_args=complex_args)
   File /usr/lib/python2.7/site-packages/ansible/runner/__init__.py,
 line 837, in _executor_internal_inner
 conn = self.connector.connect(actual_host, actual_port, actual_user,
 actual_pass, actual_transport, actual_private_key_file)
   File /usr/lib/python2.7/site-packages/ansible/runner/connection.py,
 line 34, in connect
 self.active = conn.connect()
   File 
 /usr/lib/python2.7/site-packages/ansible/runner/connection_plugins/winrm.py,
 line 132, in connect
 self.protocol = self._winrm_connect()
   File 
 /usr/lib/python2.7/site-packages/ansible/runner/connection_plugins/winrm.py,
 line 90, in _winrm_connect
 err_msg = str(exc.args[0])
 IndexError: tuple index out of range

  --
 You received this message because you are subscribed to the Google Groups
 Ansible Project group.
 To unsubscribe from this group and stop receiving emails from it, send an
 email to ansible-project+unsubscr...@googlegroups.com.
 To post to this group, send email to ansible-project@googlegroups.com.
 To view this discussion on the web visit
 https://groups.google.com/d/msgid/ansible-project/5a2d00b4-3009-4912-abe9-28c9764dc9f8%40googlegroups.com
 https://groups.google.com/d/msgid/ansible-project/5a2d00b4-3009-4912-abe9-28c9764dc9f8%40googlegroups.com?utm_medium=emailutm_source=footer
 .

 For more options, visit https://groups.google.com/d/optout.


-- 
You received this message because you are subscribed to the Google Groups 
Ansible Project group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CA%2BnsWgyryKWdSaka0-uVJzLp9pT%2BgV3dJTQHUSZnnAUCEmFCrQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Ansible Windows

2014-10-19 Thread Trond Hindenes 
Have you prepared your Windows nodes as per documentation? Basically, yuu 
need to enable WinRM connections over HTTPS, and enable Baisc auth for your 
WinRm endpoint. Look at the documentation, there's a script that will do 
those things for you. I've uploaded a newer version of that script here: 
https://gist.github.com/trondhindenes/2cd162d4b17c2c28ec40

_Trond

On Friday, October 17, 2014 5:02:06 PM UTC+2, Bryan Cochrane wrote:

 I am trying to setup windows remoting for ansible.

 I have Ansible version 1.7.2, ee-bryan is Windows 8.1, ee-csg is Windows 
 Server 2012. Both have Powershell 4.

 under /etc/ansible I have created hosts as
 [windows]
 ee-bryan
 ee-csg

 and I have created /etc/ansible/group_vars/windows.yml with

 #It is suggested that these be encrypted with ansible-vault:
 # ansible-vault edit group_vars/windows.yml
 #
  ansible_ssh_user: Administrator
  ansible_ssh_pass: password
  ansible_ssh_port: 5986
  ansible_connection: winrm

 but on testing I get 

 # ansible windows -m win_ping
 ee-csg.ee.ic.ac.uk | FAILED = Traceback (most recent call last):
   File /usr/lib/python2.7/site-packages/ansible/runner/__init__.py, line 
 561, in _executor
 exec_rc = self._executor_internal(host, new_stdin)
   File /usr/lib/python2.7/site-packages/ansible/runner/__init__.py, line 
 666, in _executor_internal
 return self._executor_internal_inner(host, self.module_name, 
 self.module_args, inject, port, complex_args=complex_args)
   File /usr/lib/python2.7/site-packages/ansible/runner/__init__.py, line 
 837, in _executor_internal_inner
 conn = self.connector.connect(actual_host, actual_port, actual_user, 
 actual_pass, actual_transport, actual_private_key_file)
   File /usr/lib/python2.7/site-packages/ansible/runner/connection.py, 
 line 34, in connect
 self.active = conn.connect()
   File 
 /usr/lib/python2.7/site-packages/ansible/runner/connection_plugins/winrm.py,
  
 line 132, in connect
 self.protocol = self._winrm_connect()
   File 
 /usr/lib/python2.7/site-packages/ansible/runner/connection_plugins/winrm.py,
  
 line 90, in _winrm_connect
 err_msg = str(exc.args[0])
 IndexError: tuple index out of range

 ee-bryan.ee.ic.ac.uk | FAILED = Traceback (most recent call last):
   File /usr/lib/python2.7/site-packages/ansible/runner/__init__.py, line 
 561, in _executor
 exec_rc = self._executor_internal(host, new_stdin)
   File /usr/lib/python2.7/site-packages/ansible/runner/__init__.py, line 
 666, in _executor_internal
 return self._executor_internal_inner(host, self.module_name, 
 self.module_args, inject, port, complex_args=complex_args)
   File /usr/lib/python2.7/site-packages/ansible/runner/__init__.py, line 
 837, in _executor_internal_inner
 conn = self.connector.connect(actual_host, actual_port, actual_user, 
 actual_pass, actual_transport, actual_private_key_file)
   File /usr/lib/python2.7/site-packages/ansible/runner/connection.py, 
 line 34, in connect
 self.active = conn.connect()
   File 
 /usr/lib/python2.7/site-packages/ansible/runner/connection_plugins/winrm.py,
  
 line 132, in connect
 self.protocol = self._winrm_connect()
   File 
 /usr/lib/python2.7/site-packages/ansible/runner/connection_plugins/winrm.py,
  
 line 90, in _winrm_connect
 err_msg = str(exc.args[0])
 IndexError: tuple index out of range



-- 
You received this message because you are subscribed to the Google Groups 
Ansible Project group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/5a2d00b4-3009-4912-abe9-28c9764dc9f8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.