Hi Matt, I'm using dynamically generated inventory in this case. So, I've
used Ansible to generate a Windows instance and then I do this:
PLAY [Configure the EC2 instance] **********************************************
TASK [setup] *******************************************************************
gather_facts: True
vars:
  ansible_port: 5986
  ansible_connection: winrm
  ansible_winrm_transport: ssl
  ansible_winrm_server_cert_validation: ignore
....
....
And I get this outcome:
PLAY [Configure the EC2 instance] **********************************************
TASK [setup] *******************************************************************
<52.36.20.10> ESTABLISH WINRM CONNECTION FOR USER: Administrator on PORT 5986 TO 52.36.20.10
<52.36.20.10> WINRM CONNECT: transport=ssl endpoint=https://52.36.20.10:5986/wsman
<52.36.20.10> WINRM CONNECTION ERROR: 500 WinRMTransport. [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/site-packages/ansible/plugins/connection/winrm.py", line 138, in _winrm_connect
    protocol.send_message('')
  File "/home/ec2-user/.local/lib/python2.7/site-packages/winrm/protocol.py", line 193, in send_message
    return self.transport.send_message(message)
  File "/home/ec2-user/.local/lib/python2.7/site-packages/winrm/transport.py", line 138, in send_message
    raise WinRMTransportError('http', ex.reason)
WinRMTransportError: 500 WinRMTransport. [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)
fatal: [52.36.20.10]: FAILED! => {"failed": true, "msg": "ssl: 500 WinRMTransport. [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)"}
Am I missing something here??
-J
On Thursday, March 3, 2016 at 10:43:43 AM UTC-6, Matt Martz wrote:
>
> The appropriate solution to verifying SSL or not in v2 is to put the
> following in your inventory:
>
> ansible_winrm_server_cert_validation=ignore ansible_winrm_transport=ssl
>
> As for xmltodict, you didn't say why those things didn't work, but a `pip
> install -U xmltodict --user python` should have worked. I notice the thing
> that did work, indicated that you needed to use `--user`, and the things
> that didn't work did not include that flag.
>
> On Thu, Mar 3, 2016 at 10:38 AM, Slim Slam <[email protected]> wrote:
>
>> Ansible 2.0.1
>>
>> Control machine: Latest version of Amazon Linux - CentOS 6 variant (has
>> stock Python 2.7.10)
>> Target machine: AWS Windows Server 2012R2 (prepared for Ansible)
>>
>> Two errors occur:
>>
>> 1. "ImportError: No module named xmltodict"
>>
>> Solution:
>>
>> Things that DID NOT WORK:
>> pip install xmltodict
>> pip install python-xmltodict
>> yum install xmltodict
>> yum install python-xmltodict
>>
>> Thing that DID WORK:
>> pip install --upgrade pywinrm --user python
>>
>> 2. "WinRMTransportError: 500 WinRMTransport. [SSL:
>> CERTIFICATE_VERIFY_FAILED] certificate verify failed"
>>
>> Solution:
>> There are a few solutions, but I like my solution here:
>> https://groups.google.com/d/msg/ansible-project/PNzzvbeT5hY/BwfgLOBIDAAJ
>>
>> Slightly modified for Amazon Linux:
>>
>> Edit (or create) the file
>> /usr/lib/python2.7/site-packages/sitecustomize.py
>> Add this code to the file:
>>
>> import ssl
>>
>> try:
>>     _create_unverified_https_context = ssl._create_unverified_context
>> except AttributeError:
>>     # Legacy Python that doesn't verify HTTPS certificates by default
>>     pass
>> else:
>>     # Handle target environment that doesn't support HTTPS verification
>>     ssl._create_default_https_context = _create_unverified_https_context
>>
>> Isn't this supposed to be fixed (or have an option) in Ansible 2 ??
>>
>> ===
>>
>
>
>
> --
> Matt Martz
> @sivel
> sivel.net
>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/a737dc6e-902a-460d-883a-9b39180d0ce2%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
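
A check for the sitecustomize.py override quoted above, as an added example that is not part of the original thread: it reports whether the interpreter's default HTTPS context still verifies certificates, which that override switches off for every standard-library HTTPS client in the process, not only for WinRM. The function names are hypothetical, and the override is applied only temporarily inside a context manager constructed for the demonstration.

```python
import contextlib
import ssl


def https_verification_state():
    """Describe how stdlib HTTPS clients in this interpreter verify servers."""
    # This is the hook that the quoted sitecustomize.py snippet replaces.
    factory = ssl._create_default_https_context
    ctx = factory()
    return {
        "factory": factory.__name__,
        "verifies_certificates": ctx.verify_mode == ssl.CERT_REQUIRED,
        "checks_hostname": ctx.check_hostname,
    }


def verification_disabled_globally():
    """True when default HTTPS connections skip certificate or hostname checks."""
    state = https_verification_state()
    return not (state["verifies_certificates"] and state["checks_hostname"])


@contextlib.contextmanager
def simulated_sitecustomize_override():
    """Apply the quoted override for one block, then restore the original.

    Constructed for demonstration: the real sitecustomize.py never undoes it.
    """
    original = ssl._create_default_https_context
    ssl._create_default_https_context = ssl._create_unverified_context
    try:
        yield
    finally:
        ssl._create_default_https_context = original


def audit():
    """Return (state before, state during the override, disabled-after flag)."""
    before = https_verification_state()
    with simulated_sitecustomize_override():
        during = https_verification_state()
    return before, during, verification_disabled_globally()


if __name__ == "__main__":
    for label, value in zip(("before", "during override", "disabled after"), audit()):
        print(label, value)
```

Run it with the same interpreter that runs Ansible on the control machine; if verification_disabled_globally() returns True there without the simulation, a sitecustomize.py or similar hook is already in effect.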