I have since tried win_ping and raw, but I haven't had time to test "allow
on Execute Methods and Remote enable" on the windows server.
Both modules work fine when I'm a local admin on the windows server.
Both fail at the "Gather Facts" when I'm not a local admin.
ansible windows -i inventory/dev/hosts -m win_ping
Traceback (most recent call last):
File
"/usr/lib/python2.6/site-packages/ansible/runner/connection_plugins/winrm.py",
line 161, in exec_command
result = self._winrm_exec(cmd_parts[0], cmd_parts[1:], from_exec=True)
File
"/usr/lib/python2.6/site-packages/ansible/runner/connection_plugins/winrm.py",
line 122, in _winrm_exec
self.shell_id = self.protocol.open_shell()
File "/usr/lib/python2.6/site-packages/winrm/protocol.py", line 121, in
open_shell
rs = self.send_message(xmltodict.unparse(rq))
File "/usr/lib/python2.6/site-packages/winrm/protocol.py", line 193, in
send_message
return self.transport.send_message(message)
File "/usr/lib/python2.6/site-packages/winrm/transport.py", line 136, in
send_message
raise WinRMTransportError('http', error_message)
WinRMTransportError: 500 WinRMTransport. Bad HTTP response returned from
server. Code 500
<servername> | FAILED => failed to exec cmd PowerShell -NoProfile
-NonInteractive -EncodedCommand
I disabled gathering facts and get the same error message.
My output from the raw module:
ansible-playbook -i inventory/dev/hosts playbooks/test_windows.yml
PLAY [test script module]
*****************************************************
TASK: [run ipconfig]
**********************************************************
Traceback (most recent call last):
File
"/usr/lib/python2.6/site-packages/ansible/runner/connection_plugins/winrm.py",
line 161, in exec_command
result = self._winrm_exec(cmd_parts[0], cmd_parts[1:], from_exec=True)
File
"/usr/lib/python2.6/site-packages/ansible/runner/connection_plugins/winrm.py",
line 122, in _winrm_exec
self.shell_id = self.protocol.open_shell()
File "/usr/lib/python2.6/site-packages/winrm/protocol.py", line 121, in
open_shell
rs = self.send_message(xmltodict.unparse(rq))
File "/usr/lib/python2.6/site-packages/winrm/protocol.py", line 193, in
send_message
return self.transport.send_message(message)
File "/usr/lib/python2.6/site-packages/winrm/transport.py", line 136, in
send_message
raise WinRMTransportError('http', error_message)
WinRMTransportError: 500 WinRMTransport. Bad HTTP response returned from
server. Code 500
fatal: [<servername>] => failed to exec cmd ipconfig
FATAL: all hosts have already failed -- aborting
On Tuesday, 23 February 2016 09:51:25 UTC, Trond Hindenes wrote:
>
> Interesting. My guess would be that this works, as Ansible doesn't do
> anything outside the logged-on user's profile (until you start pushing
> tasks that require admin access, of course). What is the exact error you're
> getting? Can you use the "raw" module to do something simple like list the
> contents of your profile or something? I'd really like to see the full
> verbose log from your console aswell.
>
> On Saturday, February 20, 2016 at 5:35:17 PM UTC+1, Julian Saunders wrote:
>>
>> Hello,
>>
>> I use Ansible to manage Linux hosts and just recently had a requirement
>> to manage Windows Servers.
>>
>> I have Ansible working against a Windows 2012 R2 host using an account
>> (test_user) that is part of the "administrators" group.
>>
>> I would like reduce the rights of test_user, so it is no longer in the
>> "administrators" group, but can still connect and copy files to its own
>> homedrive, and basically run commands that a user that is part of the
>> "Users" group can.
>>
>> On removing the user Ansible provives the following error:
>>
>> fatal: [servername] => 401 Unauthorized. basic auth failed
>>
>>
>> I did a bit of research and found the user needed to be part of the
>> "Remote Management Users", this would allow test_user to run Powershell
>> remotely. I tested this from another Windows host, and yes it works.
>>
>>
>> PS> $options=New-PSSessionOption -SkipCACheck -SkipCNCheck
>> PS> Enter-PSSession -ComputerName servername -Credential
>> servername\test_user -UseSSL -SessionOption $options
>>
>>
>> However via Ansible I get the following error:
>>
>> fatal: [servername] => failed to exec cmd PowerShell -NoProfile
>> -NonInteractive -EncodedCommand...
>>
>>
>> Does anyone know if it's possible to run Ansible against a Windows hosts
>> with a non admin user?
>>
>> Thanks.
>>
>>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/a1d0221b-8019-4b4c-96ff-1255f7d8cf07%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
