After spending much of the past day troubleshooting this on my Windows clients I decided to try setting up ansible on an Ubuntu box. Everything worked right the first time. In my corporate environment I need to use RHEL 6.4 so I blew away my host and will try the install again. Sorry for being a newb.
- Aaron

On Wednesday, July 30, 2014 4:13:45 PM UTC-7, Damon Overboe wrote:
>
> The local Administrator account should work, and you don't need to remove
> it from the domain. I was trying to say a user account that's registered on
> the domain doesn't seem to be supported currently... or I did something
> wrong.
>
> While I personally am an admin on these boxes, I don't have the
> credentials for the local Admin account. So instead, I tried:
>
> - damon
> - damon@domainnamehere
>
> And those both failed. I saw a post in here about a fork for supporting
> domain accounts, but it's still in development, although it sounds like
> it's progressing pretty well.
>
> So then I:
>
> - created a local user account on the Windows client *(cleverly named
>   ansible)*
> - put them in the administrators group on that client
> - updated /etc/ansible/group_vars/windows.yml with their creds
>
> And that did it (along with the basic auth from earlier).
>
> As far as the issue you're seeing, that probably should be a new topic; I
> was just bumping and clarifying this one to see if it should be in the
> intro page.
>
> But, have you completed all of the steps on the Windows setup page?
> http://docs.ansible.com/intro_windows.html I ask because I had missed
> one or two steps on the Windows client, I just scrolled over them by
> accident. Here's my summary of the steps I did to get the target client
> online and responding:
>
> ### Prepare the target system(s)
>
> 1. RDP into the host
> 2. Launch Powershell
> 3. Run the following commands:
>
>     Enable-PSRemoting -Force
>     Set-ExecutionPolicy RemoteSigned
>
> 4. Poke a hole through the firewall:
>
>     Set-NetFirewallRule -Name "WINRM-HTTP-In-TCP-PUBLIC" -RemoteAddress Any
>
> 5. Create the https certificate
>
> 6. and then register a listener. *Note that in order to register it, I
>    had to first run PowerShell, then launch a cmd window from there, and
>    THEN register the listener. Also I didn't use the FQDN, only the
>    output of hostname; also no spaces in the Cert*
>
>     # while in PowerShell, run...
>     hostname
>     cmd
>     winrm create winrm/config/Listener?Address=*+Transport=HTTPS @{Hostname="yourhostnamehere";CertificateThumbprint="0e...........21"}
>
> 7. Deleting the HTTP transport worked fine from POSH
>
> 8. Poke yet another hole in the firewall
>
>     netsh advfirewall firewall add rule Profile=public name="Allow WinRM HTTPS" dir=in localport=5986 protocol=TCP action=allow
>
> 9. Test it. 2-3 more steps and this is a 12-step program, just like
>    everything else on Windows.
>
>
> On Wednesday, July 30, 2014 5:20:25 PM UTC-5, Aaron Rogers wrote:
>>
>> I'm completely new to Ansible but when I saw that Windows support is
>> being added I had to jump right in this morning. So far my Ansible instance
>> can talk to a test Linux host with no issues. For my Windows box I stumbled
>> across your #1 and #2 items mentioned above but I'm not sure what you mean
>> by #3. Can you elaborate?
>>
>> Here is the error I am getting. Note that the Windows box is in a domain
>> but I am using the local Administrator account to connect. I can try
>> removing it from the domain if you think that is worth testing.
>>
>> ansible myhost.mydomain.com -m win_ping --ask-vault-pass -vvvv
>> Vault password:
>> <myhost.mydomain.com> ESTABLISH WINRM CONNECTION FOR USER: Administrator on PORT 5985 TO myhost.mydomain.com
>> <myhost.mydomain.com> WINRM CONNECT: transport=plaintext endpoint=http://myhost.mydomain.com:5985/wsman
>> <myhost.mydomain.com> REMOTE_MODULE win_ping
>> <myhost.mydomain.com> EXEC (New-Item -Type Directory -Path $env:temp -Name "ansible-tmp-1406758554.1-201733087669750").FullName | Write-Host -Separator '';
>> <myhost.mydomain.com> WINRM EXEC 'PowerShell' ['-NoProfile', '-NonInteractive', '-EncodedCommand', 'KABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAZQBuAHYAOgB0AGUAbQBwACAALQBOAGEAbQBlACAAIgBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADQAMAA2ADcANQA4ADUANQA0AC4AMQAtADIAMAAxADcAMwAzADAAOAA3ADYANgA5ADcANQAwACIAKQAuAEYAdQBsAGwATgBhAG0AZQAgAHwAIABXAHIAaQB0AGUALQBIAG8AcwB0ACAALQBTAGUAcABhAHIAYQB0AG8AcgAgACcAJwA7AA==']
>> Traceback (most recent call last):
>>   File "/srv/ansible/lib/ansible/runner/connection_plugins/winrm.py", line 147, in exec_command
>>     result = self._winrm_exec(cmd_parts[0], cmd_parts[1:], from_exec=True)
>>   File "/srv/ansible/lib/ansible/runner/connection_plugins/winrm.py", line 118, in _winrm_exec
>>     vvvv('WINRM RESULT %r' % response, host=self.host)
>>   File "/usr/lib/python2.6/site-packages/winrm/__init__.py", line 12, in __repr__
>>     self.status_code, self.std_out[:20], self.std_err[:20])
>> ValueError: zero length field name in format
>> myhost.mydomain.com | FAILED => failed to exec cmd PowerShell -NoProfile -NonInteractive -EncodedCommand KABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAZQBuAHYAOgB0AGUAbQBwACAALQBOAGEAbQBlACAAIgBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADQAMAA2ADcANQA4ADUANQA0AC4AMQAtADIAMAAxADcAMwAzADAAOAA3ADYANgA5ADcANQAwACIAKQAuAEYAdQBsAGwATgBhAG0AZQAgAHwAIABXAHIAaQB0AGUALQBIAG8AcwB0ACAALQBTAGUAcABhAHIAYQB0AG8AcgAgACcAJwA7AA==
>>
>> On Wednesday, July 30, 2014 2:15:23 PM UTC-7, Damon Overboe wrote:
>>>
>>> Sorry to revive a somewhat old post, but I was following the basic guide
>>> from here: http://docs.ansible.com/intro_windows.html, and running the
>>> command Jason Rizio mentioned solved the 401 error for me as well:
>>>
>>>     winrm set winrm/config/service/auth @{Basic="true"}
>>>
>>> So I'm thinking, how about adding a debugging section to the bottom of
>>> that page?
>>>
>>> 1. Mentioning the Basic auth command *(and any security concerns)*
>>> 2. As well as a note about -vvvv to get verbose feedback
>>> 3. And possibly a third note about the account (currently)
>>>    needing to be on the local machine; domain accounts seem like they're
>>>    still under development on a separate fork.
>>>
>>> I know Ansible docs recommend you learn it first and then cross over to
>>> the dark side, but #2 would probably be huge on that page *(in case
>>> there are others just like me that did a tutorial on linux:linux and then
>>> thought, wow, let's make this work with Windows!)*
>>>
>>> On Sunday, June 29, 2014 9:11:55 PM UTC-5, Jason Rizio wrote:
>>>>
>>>> Well I seemed to have got it working by running the following winrm
>>>> command on the windows box:
>>>>
>>>>     winrm set winrm/config/service/auth @{Basic="true"}
>>>>
>>>> It looks like by default the winrm service basic authentication setting
>>>> is set to false.
>>>>
>>>> I also had some issues with ansible complaining that it couldn't find
>>>> powershell.ps1 in a python module directory - "imported module support
>>>> code does not exist". Which is weird as I have not installed Ansible any
>>>> other way apart from using Git - I made sure it was a fresh build and ran
>>>> source ./hacking/env-setup to make sure.
>>>>
>>>> I simply copied the powershell.ps1 script to the folder it was looking
>>>> for and it now works.
>>>>
>>>>     cp /home/ubuntu/ansible/lib/ansible/module_utils/powershell.ps1 /usr/local/lib/python2.7/dist-packages/ansible-1.7-py2.7.egg/ansible/module_utils/
>>>>
>>>> Hope this helps you out Trond.
>>>>
>>>>
>>>> On Monday, June 30, 2014 10:44:19 AM UTC+10, Jason Rizio wrote:
>>>>>
>>>>> Here are my documented steps:
>>>>>
>>>>> ** Windows Host Setup
>>>>>
>>>>> Note: Windows server is using Windows Server Datacenter 2008 with SP2
>>>>> (Amazon EC2)
>>>>>
>>>>> 1. Install Powershell - .NET 4.5 Framework -
>>>>>    http://www.microsoft.com/en-us/download/details.aspx?id=30653
>>>>> 2. Install Powershell 3.0 - Windows Management Framework 3.0 -
>>>>>    http://www.microsoft.com/en-us/download/details.aspx?id=34595
>>>>> 3. Run: pip install
>>>>>    http://github.com/diyan/pywinrm/archive/master.zip#egg=pywinrm on
>>>>>    Ubuntu Ansible Control box (Ubuntu 14.04)
>>>>> 4. Setup Windows servername (ip-xxxxxxxx) in Ansible hosts file
>>>>> 5. Setup group_vars/windows.yml with:
>>>>>
>>>>>     ansible_ssh_user: Administrator
>>>>>     ansible_ssh_pass: "Password"
>>>>>     ansible_ssh_port: 5986
>>>>>     ansible_connection: winrm
>>>>>
>>>>> 6. Windows server - Powershell command: Enable-PSRemoting -Force
>>>>> 7. Windows server - PowerShell command: Set-ExecutionPolicy
>>>>>    RemoteSigned
>>>>> 8. Windows server - cmd: NetSH ADVFirewall Set AllProfiles Settings
>>>>>    remotemanagement Enable
>>>>> 9. Created a self signed certificate using the following powershell
>>>>>    script (Subject name is the server hostname: ip-xxxxxxxx) -
>>>>>    http://social.technet.microsoft.com/wiki/contents/articles/4714.how-to-generate-a-self-signed-certificate-using-powershell.aspx
>>>>>
>>>>>    - I answered Yes for both Server and Client Authentication (No to
>>>>>      everything else)
>>>>>
>>>>> 10. Copied certificate into Trusted Root Certification Authority
>>>>> 11. Windows server - cmd:
>>>>>
>>>>>     winrm create winrm/config/Listener?Address=*+Transport=HTTPS @{Hostname="ip-xxxxxxxx";CertificateThumbprint="481asaflkdfj8bee1e44c44320598jdsklfj8ecb4a844d"}
>>>>>
>>>>> 12. Windows server - cmd:
>>>>>
>>>>>     winrm delete winrm/config/listener?Address=*+Transport=HTTP
>>>>>
>>>>> 13. Windows server - cmd:
>>>>>
>>>>>     netsh advfirewall firewall add rule Profile=public name="Allow WinRM HTTPS" dir=in localport=5986 protocol=TCP action=allow
>>>>>
>>>>> Hope that helps.
>>>>>
>>>>> cheers,
>>>>> Jason
>>>>>
>>>>>
>>>>> On Monday, June 30, 2014 7:02:39 AM UTC+10, Michael DeHaan wrote:
>>>>>>
>>>>>> Yeah if you want to start a clean one and let us know if you get
>>>>>> stuck that would be great.
>>>>>>
>>>>>> Thank you!
>>>>>>
>>>>>>
>>>>>> On Sun, Jun 29, 2014 at 3:33 PM, Trond Hindenes <[email protected]>
>>>>>> wrote:
>>>>>>
>>>>>>> Thanks Michael,
>>>>>>>
>>>>>>> I've basically been trying to follow the docs - wondering if I
>>>>>>> should try and re-setup my ansible node from the beginning and document
>>>>>>> each step as I go. As you can see above I'm *pretty* sure there's
>>>>>>> nothing wrong with my remoting endpoint :-)
>>>>>>>
>>>>>>> These VMs live in Azure, so if it would help I'd absolutely be
>>>>>>> willing to let you guys have a look for yourselves. In the meantime
>>>>>>> I'll just build a fresh ansible host.
>>>>>>>
>>>>>>> --
>>>>>>> You received this message because you are subscribed to the Google
>>>>>>> Groups "Ansible Project" group.
>>>>>>> To unsubscribe from this group and stop receiving emails from it,
>>>>>>> send an email to [email protected].
>>>>>>> To post to this group, send email to [email protected].
>>>>>>> To view this discussion on the web visit
>>>>>>> https://groups.google.com/d/msgid/ansible-project/28312eb2-1563-43b3-9882-68a8ecf3e3fc%40googlegroups.com.
>>>>>>> For more options, visit https://groups.google.com/d/optout.
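
The verbose log quoted in this thread shows a connection to port 5985 with transport=plaintext, where Basic credentials travel base64-encoded rather than encrypted, and an `-EncodedCommand` argument, which is base64 over UTF-16LE. The following Python is an added example, not code from any poster or from the Ansible project: it reviews `-vvvv` output for cleartext WinRM endpoints and decodes the encoded commands. The host name and sample log are constructed, and the function names are hypothetical.

```python
import base64
import re

def encode_ps(command):
    """Encode the way PowerShell -EncodedCommand expects: base64 over UTF-16LE."""
    return base64.b64encode(command.encode("utf-16-le")).decode("ascii")

def decode_ps(blob):
    """Recover the PowerShell source from an -EncodedCommand argument."""
    return base64.b64decode(blob).decode("utf-16-le")

# Constructed sample modelled on the -vvvv output quoted in the thread
# (hypothetical host name, short command instead of the real payload).
SAMPLE_LOG = "\n".join([
    "<winhost.example.com> ESTABLISH WINRM CONNECTION FOR USER: Administrator on PORT 5985 TO winhost.example.com",
    "<winhost.example.com> WINRM CONNECT: transport=plaintext endpoint=http://winhost.example.com:5985/wsman",
    "<winhost.example.com> WINRM EXEC 'PowerShell' ['-NoProfile', '-NonInteractive', '-EncodedCommand', '%s']"
    % encode_ps("hostname"),
])

CONNECT_RE = re.compile(r"WINRM CONNECT: transport=(\S+) endpoint=\s*(\S+)")
# Matches both the list form ('-EncodedCommand', '...') and the FAILED line form.
ENCODED_RE = re.compile(r"-EncodedCommand'?,?\s+'?([A-Za-z0-9+/]+={0,2})")

def review(log_text):
    """Return (kind, detail) findings for each line of verbose Ansible WinRM output."""
    findings = []
    for line in log_text.splitlines():
        connect = CONNECT_RE.search(line)
        if connect:
            transport, endpoint = connect.groups()
            # HTTP endpoint or plaintext transport: Basic credentials are readable on the wire.
            if transport == "plaintext" or endpoint.lower().startswith("http://"):
                findings.append(("cleartext-winrm", endpoint))
        encoded = ENCODED_RE.search(line)
        if encoded:
            findings.append(("decoded-command", decode_ps(encoded.group(1))))
    return findings

if __name__ == "__main__":
    for kind, detail in review(SAMPLE_LOG):
        print(kind, "->", detail)
```

Run against a saved `-vvvv` transcript, a `cleartext-winrm` finding means the HTTPS listener on 5986 described in the setup steps is not the one being used.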
