Hi Jon
My ansible control node have python 2.7.5 [ansible@ansible-server ansible-windows]$ python --version *Python 2.7.5* [ansible@ansible-server ansible-windows]$ So i follow this link http://docs.ansible.com/ansible/intro_windows.html <http://docs.ansible.com/ansible/intro_windows.html#inventory> My windows.yml [ansible@ansible-server ansible-windows]$ cat group_vars/windows.yml # it is suggested that these be encrypted with ansible-vault: # # ansible-vault edit group_vars/windows.yml ansible_ssh_user: ansible ansible_ssh_pass: xxxxxx ansible_ssh_port: 5986 ansible_connection: winrm # The following is necessary for Python 2.7.9+ when using default WinRM self-signed certificates: ansible_winrm_server_cert_validation: ignore i try with the recomendation of python 2.7.9+ but fails anyway [ansible@ansible-server ansible-windows]$ ansible windows -i host -m win_ping -vvvvv <mywindowshost.wt.mx.corp> ESTABLISH WINRM CONNECTION FOR USER: ansible on PORT 5986 TO mywindowshost.wt.mx.corp <mywindowshostwt.mx.corp> WINRM CONNECT: transport=plaintext endpoint=https://mywindowshost.wt.mx.corp:5986/wsman mywindowshost.wt.mx.corp | FAILED => Traceback (most recent call last): File "/usr/lib/python2.7/site-packages/ansible/runner/__init__.py", line 582, in _executor exec_rc = self._executor_internal(host, new_stdin) File "/usr/lib/python2.7/site-packages/ansible/runner/__init__.py", line 785, in _executor_internal return self._executor_internal_inner(host, self.module_name, self.module_args, inject, port, complex_args=complex_args) File "/usr/lib/python2.7/site-packages/ansible/runner/__init__.py", line 964, in _executor_internal_inner conn = self.connector.connect(actual_host, actual_port, actual_user, actual_pass, actual_transport, actual_private_key_file, delegate_host) File "/usr/lib/python2.7/site-packages/ansible/runner/connection.py", line 52, in connect self.active = conn.connect() File "/usr/lib/python2.7/site-packages/ansible/runner/connection_plugins/winrm.py", line 140, in connect self.protocol = self._winrm_connect() File "/usr/lib/python2.7/site-packages/ansible/runner/connection_plugins/winrm.py", line 96, in _winrm_connect protocol.send_message('') File "/usr/lib/python2.7/site-packages/winrm/protocol.py", line 207, in send_message return self.transport.send_message(message) File "/usr/lib/python2.7/site-packages/winrm/transport.py", line 173, in send_message response = self.session.send(prepared_request, timeout=self.read_timeout_sec) File "/usr/lib/python2.7/site-packages/requests/sessions.py", line 585, in send r = adapter.send(request, **kwargs) File "/usr/lib/python2.7/site-packages/requests/adapters.py", line 477, in send raise SSLError(e, request=request) SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:765) With both method fails, so i do a testing conection with Curl and its OK ansible@ansible-server ansible-windows]$ curl -vk -d "" -u "ansible:xxxxxxx" https://mywindowshost.wt.mx.corp:5986/wsman * About to connect() to mywindowshost.wt.mx.corp port 5986 (#0) * Trying 22.134.234.100... * Connected to mywindowshost.wt.mx.corp (22.134.234.100) port 5986 (#0) * Initializing NSS with certpath: sql:/etc/pki/nssdb * skipping SSL peer certificate verification * SSL connection using TLS_RSA_WITH_AES_128_CBC_SHA * Server certificate: * subject: CN=mywindowshost * start date: Jun 27 18:16:45 2016 GMT * expire date: Jun 27 18:16:45 2017 GMT * common name: mywindowshost * issuer: CN=mywindowshost * Server auth using Basic with user 'ansible' > POST /wsman HTTP/1.1 > Authorization: Basic cHJodGJsYWQ6QmxhKjg2LmxvZw== > User-Agent: curl/7.29.0 > Host: mywindowshost.wt.mx.corp:5986 > Accept: */* > Content-Length: 0 > Content-Type: application/x-www-form-urlencoded > < HTTP/1.1 411 < Server: Microsoft-HTTPAPI/2.0 < Date: Wed, 29 Jun 2016 18:19:37 GMT < Connection: close < Content-Length: 0 < * Closing connection 0 Any idea ? Thanks El martes, 28 de junio de 2016, 2:59:13 (UTC-5), J Hawkesworth escribió: > > Hi, > > Since python 2.7.9 ( I think) python's default behavior has been to > validate certificates for any https connections. > > The certificate used by the windows hosts is likely self-generated, > therefore won't be fully trusted. > > So in order to avoid the certificate check, you have to set the following > var in your ansible inventory/group_vars that apply to your windows hosts. > > # The following is necessary for Python 2.7.9+ when using default WinRM > self-signed certificates:ansible_winrm_server_cert_validation: ignore > > > Its documented here: > http://docs.ansible.com/ansible/intro_windows.html#inventory > > If you would rather python did check the certificate then you will either > need to trust the cert for each of your windows hosts, or acquire trusted > (not self-signed) certificates for each of your windows hosts, add them to > the the computer certificate store and ensure that winrm is using your new > certificate. > > Hope this helps, > > Jon > > > On Tuesday, June 28, 2016 at 1:37:59 AM UTC+1, Hugo Enrique Hernández > Priego wrote: >> >> Hi >> >> I'm running ansible against a windows host for testing purposes. but i am >> getting this error : >> >> Red Hat 7.2 >> Ansible 1.9.2 >> >> [ansible-windows]$ ansible windows -i host -m win_ping -vvvvv >> >> <srvspodvlmx01.wt.mx.corp> ESTABLISH WINRM CONNECTION FOR USER: prhtblad >> on PORT 5986 TO srvspodvlmx01.wt.mx.corp >> <srvspodvlmx01.wt.mx.corp> WINRM CONNECT: transport=plaintext endpoint= >> https://srvspodvlmx01.wt.mx.corp:5986/wsman >> srvspodvlmx01.wt.mx.corp | FAILED => Traceback (most recent call last): >> File "/usr/lib/python2.7/site-packages/ansible/runner/__init__.py", >> line 582, in _executor >> exec_rc = self._executor_internal(host, new_stdin) >> File "/usr/lib/python2.7/site-packages/ansible/runner/__init__.py", >> line 785, in _executor_internal >> return self._executor_internal_inner(host, self.module_name, >> self.module_args, inject, port, complex_args=complex_args) >> File "/usr/lib/python2.7/site-packages/ansible/runner/__init__.py", >> line 964, in _executor_internal_inner >> conn = self.connector.connect(actual_host, actual_port, actual_user, >> actual_pass, actual_transport, actual_private_key_file, delegate_host) >> File "/usr/lib/python2.7/site-packages/ansible/runner/connection.py", >> line 52, in connect >> self.active = conn.connect() >> File >> "/usr/lib/python2.7/site-packages/ansible/runner/connection_plugins/winrm.py", >> >> line 140, in connect >> self.protocol = self._winrm_connect() >> File >> "/usr/lib/python2.7/site-packages/ansible/runner/connection_plugins/winrm.py", >> >> line 96, in _winrm_connect >> protocol.send_message('') >> File "/usr/lib/python2.7/site-packages/winrm/protocol.py", line 207, in >> send_message >> return self.transport.send_message(message) >> File "/usr/lib/python2.7/site-packages/winrm/transport.py", line 173, >> in send_message >> response = self.session.send(prepared_request, >> timeout=self.read_timeout_sec) >> File "/usr/lib/python2.7/site-packages/requests/sessions.py", line 585, >> in send >> r = adapter.send(request, **kwargs) >> File "/usr/lib/python2.7/site-packages/requests/adapters.py", line 477, >> in send >> raise SSLError(e, request=request) >> SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed >> (_ssl.c:765) >> >> Any idea about this error ? >> >> Thanks >> > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/102cf974-6d71-4c47-8758-93d55f02462a%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
