Hi, Since python 2.7.9 ( I think) python's default behavior has been to validate certificates for any https connections.
The certificate used by the windows hosts is likely self-generated, therefore won't be fully trusted. So in order to avoid the certificate check, you have to set the following var in your ansible inventory/group_vars that apply to your windows hosts. # The following is necessary for Python 2.7.9+ when using default WinRM self-signed certificates:ansible_winrm_server_cert_validation: ignore Its documented here: http://docs.ansible.com/ansible/intro_windows.html#inventory If you would rather python did check the certificate then you will either need to trust the cert for each of your windows hosts, or acquire trusted (not self-signed) certificates for each of your windows hosts, add them to the the computer certificate store and ensure that winrm is using your new certificate. Hope this helps, Jon On Tuesday, June 28, 2016 at 1:37:59 AM UTC+1, Hugo Enrique Hernández Priego wrote: > > Hi > > I'm running ansible against a windows host for testing purposes. but i am > getting this error : > > Red Hat 7.2 > Ansible 1.9.2 > > [ansible-windows]$ ansible windows -i host -m win_ping -vvvvv > > <srvspodvlmx01.wt.mx.corp> ESTABLISH WINRM CONNECTION FOR USER: prhtblad > on PORT 5986 TO srvspodvlmx01.wt.mx.corp > <srvspodvlmx01.wt.mx.corp> WINRM CONNECT: transport=plaintext endpoint= > https://srvspodvlmx01.wt.mx.corp:5986/wsman > srvspodvlmx01.wt.mx.corp | FAILED => Traceback (most recent call last): > File "/usr/lib/python2.7/site-packages/ansible/runner/__init__.py", line > 582, in _executor > exec_rc = self._executor_internal(host, new_stdin) > File "/usr/lib/python2.7/site-packages/ansible/runner/__init__.py", line > 785, in _executor_internal > return self._executor_internal_inner(host, self.module_name, > self.module_args, inject, port, complex_args=complex_args) > File "/usr/lib/python2.7/site-packages/ansible/runner/__init__.py", line > 964, in _executor_internal_inner > conn = self.connector.connect(actual_host, actual_port, actual_user, > actual_pass, actual_transport, actual_private_key_file, delegate_host) > File "/usr/lib/python2.7/site-packages/ansible/runner/connection.py", > line 52, in connect > self.active = conn.connect() > File > "/usr/lib/python2.7/site-packages/ansible/runner/connection_plugins/winrm.py", > > line 140, in connect > self.protocol = self._winrm_connect() > File > "/usr/lib/python2.7/site-packages/ansible/runner/connection_plugins/winrm.py", > > line 96, in _winrm_connect > protocol.send_message('') > File "/usr/lib/python2.7/site-packages/winrm/protocol.py", line 207, in > send_message > return self.transport.send_message(message) > File "/usr/lib/python2.7/site-packages/winrm/transport.py", line 173, in > send_message > response = self.session.send(prepared_request, > timeout=self.read_timeout_sec) > File "/usr/lib/python2.7/site-packages/requests/sessions.py", line 585, > in send > r = adapter.send(request, **kwargs) > File "/usr/lib/python2.7/site-packages/requests/adapters.py", line 477, > in send > raise SSLError(e, request=request) > SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed > (_ssl.c:765) > > Any idea about this error ? > > Thanks > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/fe44292a-bc85-49a9-80f3-270c6b338556%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
