Hi, You've hit the nail right on the head!! "Issue" solved...
Le jeudi 16 novembre 2017 13:19:18 UTC+1, macro...@gmail.com a écrit : > > Good morning, > > I'm struggling with an annoying issue with my current Ansible setup. > Ansible master server is configured and I'm testing basic connectiviy with > Linux and Windows nodes. > Connectivity with Linux nodes is working fine, ad-hoc commands return > expected values. > > Windows test node is configured with an HTTPs listener (with server > certificate installed), firewall is disabled, WinRM service is started and > available from other Windows hosts. So far I can successfully issue wman > commands locally & remotely from Windows nodes: > > test-wsman -computername winsrv01.domain.lan -Usessl > > wsmid : >> http://schemas.dmtf.org/wbem/wsman/identity/1/wsmanidentity.xsd >> ProtocolVersion : http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd >> ProductVendor : Microsoft Corporation >> ProductVersion : OS: 0.0.0 SP: 0.0 Stack: 3.0 > > > Ansible win_ping issued from Ansible server fails: > > ansible 2.4.0.0 >> >> config file = /etc/ansible/ansible.cfg >> >> configured module search path = >>> [u'/home/ansible/.ansible/plugins/modules', >>> u'/usr/share/ansible/plugins/modules'] >> >> ansible python module location = >>> /usr/lib/python2.7/site-packages/ansible >> >> executable location = /usr/bin/ansible >> >> python version = 2.7.5 (default, Aug 4 2017, 00:39:18) [GCC 4.8.5 >>> 20150623 (Red Hat 4.8.5-16)] >> >> Using /etc/ansible/ansible.cfg as config file >> >> setting up inventory plugins >> >> Set default localhost to localhost >> >> Parsed /etc/ansible/hosts inventory source with ini plugin >> >> Loading callback plugin minimal of type stdout, v2.0 from >>> /usr/lib/python2.7/site-packages/ansible/plugins/callback/__init__.pyc >> >> META: ran handlers >> >> Using module file >>> /usr/lib/python2.7/site-packages/ansible/modules/windows/win_ping.ps1 >> >> <winsrv01.DOMAIN.LAN> ESTABLISH SSH CONNECTION FOR USER:winu...@domain.lan >> >> <winsrv01.DOMAIN.LAN> SSH: ansible.cfg set ssh_args: >>> (-C)(-o)(ControlMaster=auto)(-o)(ControlPersist=60s) >> >> <winsrv01.DOMAIN.LAN> SSH: ANSIBLE_REMOTE_PORT/remote_port/ansible_port >>> set: (-o)(Port=5986) >> >> <winsrv01.DOMAIN.LAN> SSH: >>> ANSIBLE_PRIVATE_KEY_FILE/private_key_file/ansible_ssh_private_key_file set: >>> (-o)(IdentityFile="/home/ansible/.ssh/myrsakey") >> >> <winsrv01.DOMAIN.LAN> SSH: >>> ANSIBLE_REMOTE_USER/remote_user/ansible_user/user/-u set: >>> (-o)(User=winu...@domain.lan) >> >> <winsrv01.DOMAIN.LAN> SSH: ANSIBLE_TIMEOUT/timeout set: >>> (-o)(ConnectTimeout=60) >> >> <winsrv01.DOMAIN.LAN> SSH: found only ControlPersist; added ControlPath: >>> (-o)(ControlPath=/home/ansible/.ansible/cp/208bf2aa12) >> >> <winsrv01.DOMAIN.LAN> SSH: EXEC sshpass -d12 ssh -vvv -C -o >>> ControlMaster=auto -o ControlPersist=60s -o Port=5986 -o >>> 'IdentityFile="/home/ansible/.ssh/myrsakey"' -o User=winu...@domain.lan -o >>> ConnectTimeout=60 -o ControlPath=/home/ansible/.ansible/cp/208bf2aa12 >>> winsrv01.DOMAIN.LAN '/bin/sh -c '"'"'echo ~ && sleep 0'"'"'' >> >> <winsrv01.DOMAIN.LAN> (255, '', 'OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 >>> Jan 2017\r\ndebug1: Reading configuration data >>> /etc/ssh/ssh_config\r\ndebug1: /etc/ssh/ssh_config line 58: Applying >>> options for *\r\ndebug1: auto-mux: Trying existing master\r\ndebug1: >>> Control socket "/home/ansible/.ansible/cp/208bf2aa12" does not >>> exist\r\ndebug2: resolving "winsrv01.DOMAIN.LAN" port 5986\r\ndebug2: >>> ssh_connect_direct: needpriv 0\r\ndebug1: Connecting to winsrv01.DOMAIN.LAN >>> [10.0.0.4] port 5986.\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug1: fd 3 >>> clearing O_NONBLOCK\r\ndebug1: Connection established.\r\ndebug3: timeout: >>> 59999 ms remain after connect\r\ndebug1: identity file >>> /home/ansible/.ssh/myrsakey type 1\r\ndebug1: key_load_public: No such file >>> or directory\r\ndebug1: identity file /home/ansible/.ssh/myrsakey-cert type >>> -1\r\ndebug1: Enabling compatibility mode for protocol 2.0\r\ndebug1: Local >>> version string SSH-2.0-OpenSSH_7.4\r\nConnection timed out during banner >>> exchange\r\n') >> >> winsrv01.DOMAIN.LAN | UNREACHABLE! => { >> >> "changed": false, >> >> "msg": "Failed to connect to the host via ssh: OpenSSH_7.4p1, OpenSSL >>> 1.0.2k-fips 26 Jan 2017\r\ndebug1: Reading configuration data >>> /etc/ssh/ssh_config\r\ndebug1: /etc/ssh/ssh_config line 58: Applying >>> options for *\r\ndebug1: auto-mux: Trying existing master\r\ndebug1: >>> Control socket \"/home/ansible/.ansible/cp/208bf2aa12\" does not >>> exist\r\ndebug2: resolving \"winsrv01.DOMAIN.LAN\" port 5986\r\ndebug2: >>> ssh_connect_direct: needpriv 0\r\ndebug1: Connecting to winsrv01.DOMAIN.LAN >>> [10.0.0.4] port 5986.\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug1: fd 3 >>> clearing O_NONBLOCK\r\ndebug1: Connection established.\r\ndebug3: timeout: >>> 59999 ms remain after connect\r\ndebug1: identity file >>> /home/ansible/.ssh/myrsakey type 1\r\ndebug1: key_load_public: No such file >>> or directory\r\ndebug1: identity file /home/ansible/.ssh/myrsakey-cert type >>> -1\r\ndebug1: Enabling compatibility mode for protocol 2.0\r\ndebug1: Local >>> version string SSH-2.0-OpenSSH_7.4\r\nConnection timed out during banner >>> exchange\r\n", >> >> "unreachable": true >> >> } >> >> pywinrm test script can properly connect to Windows node (after issuing >> kinit manually on Ansible server to grap a Kerberos ticket): >> > > python test_winrm.py > > > # test_winrm.py > > p = Protocol( > endpoint='https://winsrv01.domain.lan:5986/wsman',// > transport='kerberos', > username='winu...@domain.lan', > server_cert_validation='ignore') > > > shell_id = p.open_shell() > > > command_id = p.run_command(shell_id, 'hostname') > > > std_out, std_err, status_code = p.get_command_output(shell_id, command_id) > > > print std_out > > > Ansible "/etc/ansible/hosts" file : > > > [local] > localhost ansible_connection=local > > > [windows] > winsrv01.DOMAIN.LAN > > > [linux] > linuxsrv01.DOMAIN.LAN > > Ansible variables "/etc/ansible/group_vars/windows.yml: > > > --- > # /etc/ansible/group_vars/windows.ym > ansible_user: winu...@domain.lan > ansible_password: xxxxxxxxxxxxxxxx > ansible_port: 5986 > ansible_connexion: winrm > ansible_winrm_scheme: https > ansible_winrm_transport: kerberos,ntlm,plaintext > ansible_winrm_operation_timeout_sec: 60 > ansible_winrm_server_cert_validation: ignore > > > I'm not sure why debug messages show SSH stuff even if target host is a > Windows node... > > Help would be greatly appreciated > > Thanks in advance > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/948e51b9-9d82-46c3-b9e5-b13f77581747%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
