Nice - we can do some digging/testing and I'd also welcome other suggestions, though this is likely something we can include in our example scripts dir to get people started!
I'm curious what might be required on older Windowseses (yes, that's a word, I know it is!) On Tue, Jul 1, 2014 at 5:38 PM, Trond Hindenes <[email protected]> wrote: > On a Windows 2012 or 2012R2 host, this script should do the trick: > https://gist.github.com/trondhindenes/b9b5b25b11273cc35659 > > I need to stand up a 2008R2-based machine tomorrow and make the script > compatible > > I can simply invoke it by starting Powershell (as admin) and run the 2 > following lines: > > $VerbosePreference = "Continue" > iex ((new-object net.webclient).DownloadString(' > https://gist.githubusercontent.com/trondhindenes/b9b5b25b11273cc35659/raw/eb1f14ea65518fcd5e4a4159af4d68927c6e4fbf/configure-ansibletarget.ps1' > )) > I'd love to see some feedback on it! > > On Tuesday, July 1, 2014 6:58:17 PM UTC+2, Trond Hindenes wrote: > >> I absolutely agree. I'm gona cook together something for auto-configuring >> my Azure lab VMs for Ansible, I'll try and make it generic enough to work >> in most scenarios. >> >> -Trond >> >> On Tuesday, July 1, 2014 5:42:55 PM UTC+2, Michael DeHaan wrote: >> >>> We've discussed the idea of having an installer or other kind of setup >>> script for these kind of things. >>> >>> Anyone with Powershell experience interested in helping in such an >>> effort? >>> >>> We could try to programatically include basic auth as well. >>> >>> As for documentation, this all lives in docsite/rst in the checkout, if >>> you want to add additions about how you changed them -- this would be quite >>> welcome! >>> >>> >>> >>> >>> On Tue, Jul 1, 2014 at 5:47 AM, Trond Hindenes <[email protected]> >>> wrote: >>> >>>> Jason, you were right on the money on both counts. >>>> >>>> What was missing on the WinRM listener was the "basic" auth mechanism. >>>> Looks like the default config only has Kerberos and Negotiate >>>> authentication enabled (which was news for me). --> This should be added to >>>> the documentation I guess. >>>> >>>> I also needed to move that file like you did. Running Ubuntu 12.04. >>>> >>>> Again, thanks for your help! >>>> >>>> >>>> >>>> On Monday, June 30, 2014 6:03:45 PM UTC+2, Trond Hindenes wrote: >>>> >>>>> Thanks Jason, I'll test your suggestions on my node(s) and report back. >>>>> >>>>> On Monday, June 30, 2014 4:11:55 AM UTC+2, Jason Rizio wrote: >>>>>> >>>>>> Well I seemed to have got it working by running the following winrm >>>>>> command on the windows box: >>>>>> >>>>>> *winrm set winrm/config/service/auth @{Basic="true"}* >>>>>> >>>>>> It looks like by default the winrm service basic authentication >>>>>> setting is set to false. >>>>>> >>>>>> I also had some issues with ansible complaining that it couldnt find >>>>>> powershell.ps1 in a python module directory - "imported module support >>>>>> code >>>>>> does not exist". Which is wierd as I have not installed Ansible any other >>>>>> way apart from using Git - I made sure it was a fresh build and ran >>>>>> source >>>>>> ./hacking/env-setup to make sure. >>>>>> >>>>>> I simply copied the powershell.ps1 script to the folder it was >>>>>> looking for and it now works. >>>>>> >>>>>> *cp /home/ubuntu/ansible/lib/ansible/module_utils/powershell.ps1 >>>>>> /usr/local/lib/python2.7/dist-packages/ansible-1.7-py2.7.egg/ansible/module_utils/* >>>>>> >>>>>> Hope this helps you out Trond. >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> On Monday, June 30, 2014 10:44:19 AM UTC+10, Jason Rizio wrote: >>>>>>> >>>>>>> Here are my documented steps: >>>>>>> >>>>>>> ** Windows Host Setup >>>>>>> >>>>>>> Note: Windows server is using Windows Server Datacenter 2008 with >>>>>>> SP2 (Amazon EC2) >>>>>>> >>>>>>> 1. Install Powershell - .NET 4.5 Framework - >>>>>>> http://www.microsoft.com/en-us/download/details.aspx?id=30653 >>>>>>> 2. Install Powershell 3.0 - Windows Management Framework 3.0 - >>>>>>> http://www.microsoft.com/en-us/download/details.aspx?id=34595 >>>>>>> 3. Run: pip install http://github.com/diyan/pywinr >>>>>>> m/archive/master.zip#egg=pywinrm on Ubuntu Ansible Control box >>>>>>> (Ubuntu 14.04) >>>>>>> 4. Setup Windows servername (ip-xxxxxxxx) in Ansible hosts file >>>>>>> 5. Setup group_vars/windows.yml with: >>>>>>> >>>>>>> ansible_ssh_user: Administrator >>>>>>> ansible_ssh_pass: "Password" >>>>>>> ansible_ssh_port: 5986 >>>>>>> ansible_connection: winrm >>>>>>> >>>>>>> 6. Windows server - Powershell command: Enable-PSRemoting -Force >>>>>>> 7. Windows server - PowerShell command: Set-ExecutionPolicy >>>>>>> RemoteSigned >>>>>>> 8. Windows server - cmd: NetSH ADVFirewall Set AllProfiles Settings >>>>>>> remotemanagement Enable >>>>>>> 9. Created a self signed certificate using the following powershell >>>>>>> script (Subject name is the server hostname: ip-xxxxxxxx) - >>>>>>> http://social.technet.microsoft.com/wiki/contents/articles/ >>>>>>> 4714.how-to-generate-a-self-signed-certificate-using-powershell.aspx >>>>>>> >>>>>>> - I answered Yes for both Server and Client Authentication (No to >>>>>>> everything else) >>>>>>> >>>>>>> 10. Copied certificate into Trusted Root Certification Authority >>>>>>> 11. Windows server - cmd: winrm create >>>>>>> winrm/config/Listener?Address=*+Transport=HTTPS >>>>>>> @{Hostname="ip-xxxxxxxx";CertificateThumbprint="481asaflkdf >>>>>>> j8bee1e44c44320598jdsklfj8ecb4a844d"} >>>>>>> >>>>>>> 12. Windows server - cmd: winrm delete winrm/config/listener?Address= >>>>>>> *+Transport=HTTP >>>>>>> 13. Windows server - cmd: netsh advfirewall firewall add rule >>>>>>> Profile=public name="Allow WinRM HTTPS" dir=in localport=5986 >>>>>>> protocol=TCP >>>>>>> action=allow >>>>>>> >>>>>>> Hope that helps. >>>>>>> >>>>>>> cheers, >>>>>>> Jason >>>>>>> >>>>>>> >>>>>>> On Monday, June 30, 2014 7:02:39 AM UTC+10, Michael DeHaan wrote: >>>>>>>> >>>>>>>> Yeah if you want to start a clean one and let us know if you get >>>>>>>> stuck that would be great. >>>>>>>> >>>>>>>> Thank you! >>>>>>>> >>>>>>>> >>>>>>>> On Sun, Jun 29, 2014 at 3:33 PM, Trond Hindenes <[email protected] >>>>>>>> > wrote: >>>>>>>> >>>>>>>>> Thanks Michael, >>>>>>>>> >>>>>>>>> I've basically been trying to follow the docs - wondering if I >>>>>>>>> should try and re-setup my ansible node from the beginning and >>>>>>>>> document >>>>>>>>> each step as I go. As you can see above i'm *pretty* sure there's >>>>>>>>> nothing wrong with my remoting endpoint :-) >>>>>>>>> >>>>>>>>> These VMs live in Azure, so if it would help I'd absolutely be >>>>>>>>> willing to let you guys have a look for yourselves. In the meantime >>>>>>>>> I'll >>>>>>>>> just build a fresh ansible host. >>>>>>>>> >>>>>>>>> -- >>>>>>>>> You received this message because you are subscribed to the Google >>>>>>>>> Groups "Ansible Project" group. >>>>>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>>>>> send an email to [email protected]. >>>>>>>>> To post to this group, send email to [email protected]. >>>>>>>>> To view this discussion on the web visit >>>>>>>>> https://groups.google.com/d/msgid/ansible-project/28312eb2- >>>>>>>>> 1563-43b3-9882-68a8ecf3e3fc%40googlegroups.com >>>>>>>>> <https://groups.google.com/d/msgid/ansible-project/28312eb2-1563-43b3-9882-68a8ecf3e3fc%40googlegroups.com?utm_medium=email&utm_source=footer> >>>>>>>>> . >>>>>>>>> >>>>>>>>> For more options, visit https://groups.google.com/d/optout. >>>>>>>>> >>>>>>>> >>>>>>>> -- >>>> You received this message because you are subscribed to the Google >>>> Groups "Ansible Project" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to [email protected]. >>>> To post to this group, send email to [email protected]. >>>> To view this discussion on the web visit https://groups.google.com/d/ >>>> msgid/ansible-project/dd412d61-1842-4a45-b806- >>>> 7bf8a203bda4%40googlegroups.com >>>> <https://groups.google.com/d/msgid/ansible-project/dd412d61-1842-4a45-b806-7bf8a203bda4%40googlegroups.com?utm_medium=email&utm_source=footer> >>>> . >>>> >>>> For more options, visit https://groups.google.com/d/optout. >>>> >>> >>> -- > You received this message because you are subscribed to the Google Groups > "Ansible Project" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/ansible-project/ba2c25f7-ae7c-410f-9cb4-8036e6b301c0%40googlegroups.com > <https://groups.google.com/d/msgid/ansible-project/ba2c25f7-ae7c-410f-9cb4-8036e6b301c0%40googlegroups.com?utm_medium=email&utm_source=footer> > . > > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CA%2BnsWgwyE1qygGH2w%3DfEFOBsYvhnho8cmROJZR7jaLGfJnj%3DUw%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
