Just out of curiosity, why are you still using Ansible 1.9? The Windows support was barely working there- things are much faster and more supported in the 2.x series. You'll absolutely need the ansible_winrm_server_cert_validation: ignore to get past this, and you need to be on a minimum of 1.9.5 (I think I might've said 1.9.4 before).
On Wednesday, June 29, 2016 at 4:36:08 PM UTC-7, Hugo Enrique Hernández Priego wrote: > > Hi > > I remove that line and try again > > [ansible@ansible-server ansible-windows]$ cat group_vars/windows.yml > # it is suggested that these be encrypted with ansible-vault: > # # ansible-vault edit group_vars/windows.yml > ansible_ssh_user: ansible > ansible_ssh_pass: xxxxxx > ansible_ssh_port: 5986 > ansible_connection: winrm > > but i getting the same error, > > [ansible@ansible-server ansible-windows]$ ansible windows -i host -m > win_ping -vvvvv > <mywindowshost.wt.mx.corp> ESTABLISH WINRM CONNECTION FOR USER: ansible on > PORT 5986 TO srvspodvlmx01.wt.mx.corp > <mywindowshost.wt.mx.corp> WINRM CONNECT: transport=plaintext endpoint= > https://mywindowshost.wt.mx.corp:5986/wsman > mywindowshost.wt.mx.corp | FAILED => Traceback (most recent call last): > File "/usr/lib/python2.7/site-packages/ansible/runner/__init__.py", line > 582, in _executor > exec_rc = self._executor_internal(host, new_stdin) > File "/usr/lib/python2.7/site-packages/ansible/runner/__init__.py", line > 785, in _executor_internal > return self._executor_internal_inner(host, self.module_name, > self.module_args, inject, port, complex_args=complex_args) > File "/usr/lib/python2.7/site-packages/ansible/runner/__init__.py", line > 964, in _executor_internal_inner > conn = self.connector.connect(actual_host, actual_port, actual_user, > actual_pass, actual_transport, actual_private_key_file, delegate_host) > File "/usr/lib/python2.7/site-packages/ansible/runner/connection.py", > line 52, in connect > self.active = conn.connect() > File > "/usr/lib/python2.7/site-packages/ansible/runner/connection_plugins/winrm.py", > > line 140, in connect > self.protocol = self._winrm_connect() > File > "/usr/lib/python2.7/site-packages/ansible/runner/connection_plugins/winrm.py", > > line 96, in _winrm_connect > protocol.send_message('') > File "/usr/lib/python2.7/site-packages/winrm/protocol.py", line 207, in > send_message > return self.transport.send_message(message) > File "/usr/lib/python2.7/site-packages/winrm/transport.py", line 173, in > send_message > response = self.session.send(prepared_request, > timeout=self.read_timeout_sec) > File "/usr/lib/python2.7/site-packages/requests/sessions.py", line 585, > in send > r = adapter.send(request, **kwargs) > File "/usr/lib/python2.7/site-packages/requests/adapters.py", line 477, > in send > raise SSLError(e, request=request) > SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed > (_ssl.c:765) > > I follow all requeriments > > any suggestion?? > > Regards > > El miércoles, 29 de junio de 2016, 15:45:58 (UTC-5), Matt Davis escribió: >> >> You need to be using at least Ansible 1.9.4 (preferably 2.1) and pywinrm >> 0.1.1 (preferably 0.2.0) to pass the certificate validation disable to >> pywinrm. 1.9.2 will be *very* slow and suboptimal for Windows work in many >> ways. >> >> On Wednesday, June 29, 2016 at 11:19:21 AM UTC-7, Hugo Enrique Hernández >> Priego wrote: >>> >>> Hi Jon >>> >>> >>> My ansible control node have python 2.7.5 >>> >>> [ansible@ansible-server ansible-windows]$ python --version >>> *Python 2.7.5* >>> [ansible@ansible-server ansible-windows]$ >>> >>> So i follow this link http://docs.ansible.com/ansible/intro_windows.html >>> <http://docs.ansible.com/ansible/intro_windows.html#inventory> >>> >>> My windows.yml >>> >>> [ansible@ansible-server ansible-windows]$ cat group_vars/windows.yml >>> # it is suggested that these be encrypted with ansible-vault: >>> # # ansible-vault edit group_vars/windows.yml >>> ansible_ssh_user: ansible >>> ansible_ssh_pass: xxxxxx >>> ansible_ssh_port: 5986 >>> ansible_connection: winrm >>> # The following is necessary for Python 2.7.9+ when using default WinRM >>> self-signed certificates: >>> ansible_winrm_server_cert_validation: ignore >>> >>> i try with the recomendation of python 2.7.9+ but fails anyway >>> >>> [ansible@ansible-server ansible-windows]$ ansible windows -i host -m >>> win_ping -vvvvv >>> <mywindowshost.wt.mx.corp> ESTABLISH WINRM CONNECTION FOR USER: ansible >>> on PORT 5986 TO mywindowshost.wt.mx.corp >>> <mywindowshostwt.mx.corp> WINRM CONNECT: transport=plaintext endpoint= >>> https://mywindowshost.wt.mx.corp:5986/wsman >>> <https://www.google.com/url?q=https%3A%2F%2Fmywindowshost.wt.mx.corp%3A5986%2Fwsman&sa=D&sntz=1&usg=AFQjCNHoKwGx27zxHWFl_q1MbmbF4pgGiA> >>> mywindowshost.wt.mx.corp | FAILED => Traceback (most recent call last): >>> File "/usr/lib/python2.7/site-packages/ansible/runner/__init__.py", >>> line 582, in _executor >>> exec_rc = self._executor_internal(host, new_stdin) >>> File "/usr/lib/python2.7/site-packages/ansible/runner/__init__.py", >>> line 785, in _executor_internal >>> return self._executor_internal_inner(host, self.module_name, >>> self.module_args, inject, port, complex_args=complex_args) >>> File "/usr/lib/python2.7/site-packages/ansible/runner/__init__.py", >>> line 964, in _executor_internal_inner >>> conn = self.connector.connect(actual_host, actual_port, actual_user, >>> actual_pass, actual_transport, actual_private_key_file, delegate_host) >>> File "/usr/lib/python2.7/site-packages/ansible/runner/connection.py", >>> line 52, in connect >>> self.active = conn.connect() >>> File >>> "/usr/lib/python2.7/site-packages/ansible/runner/connection_plugins/winrm.py", >>> >>> line 140, in connect >>> self.protocol = self._winrm_connect() >>> File >>> "/usr/lib/python2.7/site-packages/ansible/runner/connection_plugins/winrm.py", >>> >>> line 96, in _winrm_connect >>> protocol.send_message('') >>> File "/usr/lib/python2.7/site-packages/winrm/protocol.py", line 207, >>> in send_message >>> return self.transport.send_message(message) >>> File "/usr/lib/python2.7/site-packages/winrm/transport.py", line 173, >>> in send_message >>> response = self.session.send(prepared_request, >>> timeout=self.read_timeout_sec) >>> File "/usr/lib/python2.7/site-packages/requests/sessions.py", line >>> 585, in send >>> r = adapter.send(request, **kwargs) >>> File "/usr/lib/python2.7/site-packages/requests/adapters.py", line >>> 477, in send >>> raise SSLError(e, request=request) >>> SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed >>> (_ssl.c:765) >>> >>> >>> With both method fails, so i do a testing conection with Curl and its OK >>> >>> ansible@ansible-server ansible-windows]$ curl -vk -d "" -u >>> "ansible:xxxxxxx" https://mywindowshost.wt.mx.corp:5986/wsman >>> * About to connect() to mywindowshost.wt.mx.corp port 5986 (#0) >>> * Trying 22.134.234.100... >>> * Connected to mywindowshost.wt.mx.corp (22.134.234.100) port 5986 (#0) >>> * Initializing NSS with certpath: sql:/etc/pki/nssdb >>> * skipping SSL peer certificate verification >>> * SSL connection using TLS_RSA_WITH_AES_128_CBC_SHA >>> * Server certificate: >>> * subject: CN=mywindowshost >>> * start date: Jun 27 18:16:45 2016 GMT >>> * expire date: Jun 27 18:16:45 2017 GMT >>> * common name: mywindowshost >>> * issuer: CN=mywindowshost >>> * Server auth using Basic with user 'ansible' >>> > POST /wsman HTTP/1.1 >>> > Authorization: Basic cHJodGJsYWQ6QmxhKjg2LmxvZw== >>> > User-Agent: curl/7.29.0 >>> > Host: mywindowshost.wt.mx.corp:5986 >>> > Accept: */* >>> > Content-Length: 0 >>> > Content-Type: application/x-www-form-urlencoded >>> > >>> < HTTP/1.1 411 >>> < Server: Microsoft-HTTPAPI/2.0 >>> < Date: Wed, 29 Jun 2016 18:19:37 GMT >>> < Connection: close >>> < Content-Length: 0 >>> < >>> * Closing connection 0 >>> >>> >>> Any idea ? >>> >>> Thanks >>> >>> >>> El martes, 28 de junio de 2016, 2:59:13 (UTC-5), J Hawkesworth escribió: >>>> >>>> Hi, >>>> >>>> Since python 2.7.9 ( I think) python's default behavior has been to >>>> validate certificates for any https connections. >>>> >>>> The certificate used by the windows hosts is likely self-generated, >>>> therefore won't be fully trusted. >>>> >>>> So in order to avoid the certificate check, you have to set the >>>> following var in your ansible inventory/group_vars that apply to your >>>> windows hosts. >>>> >>>> # The following is necessary for Python 2.7.9+ when using default WinRM >>>> self-signed certificates:ansible_winrm_server_cert_validation: ignore >>>> >>>> >>>> Its documented here: >>>> http://docs.ansible.com/ansible/intro_windows.html#inventory >>>> >>>> If you would rather python did check the certificate then you will >>>> either need to trust the cert for each of your windows hosts, or acquire >>>> trusted (not self-signed) certificates for each of your windows hosts, add >>>> them to the the computer certificate store and ensure that winrm is using >>>> your new certificate. >>>> >>>> Hope this helps, >>>> >>>> Jon >>>> >>>> >>>> On Tuesday, June 28, 2016 at 1:37:59 AM UTC+1, Hugo Enrique Hernández >>>> Priego wrote: >>>>> >>>>> Hi >>>>> >>>>> I'm running ansible against a windows host for testing purposes. but i >>>>> am getting this error : >>>>> >>>>> Red Hat 7.2 >>>>> Ansible 1.9.2 >>>>> >>>>> [ansible-windows]$ ansible windows -i host -m win_ping -vvvvv >>>>> >>>>> <srvspodvlmx01.wt.mx.corp> ESTABLISH WINRM CONNECTION FOR USER: >>>>> prhtblad on PORT 5986 TO srvspodvlmx01.wt.mx.corp >>>>> <srvspodvlmx01.wt.mx.corp> WINRM CONNECT: transport=plaintext endpoint= >>>>> https://srvspodvlmx01.wt.mx.corp:5986/wsman >>>>> srvspodvlmx01.wt.mx.corp | FAILED => Traceback (most recent call last): >>>>> File "/usr/lib/python2.7/site-packages/ansible/runner/__init__.py", >>>>> line 582, in _executor >>>>> exec_rc = self._executor_internal(host, new_stdin) >>>>> File "/usr/lib/python2.7/site-packages/ansible/runner/__init__.py", >>>>> line 785, in _executor_internal >>>>> return self._executor_internal_inner(host, self.module_name, >>>>> self.module_args, inject, port, complex_args=complex_args) >>>>> File "/usr/lib/python2.7/site-packages/ansible/runner/__init__.py", >>>>> line 964, in _executor_internal_inner >>>>> conn = self.connector.connect(actual_host, actual_port, >>>>> actual_user, actual_pass, actual_transport, actual_private_key_file, >>>>> delegate_host) >>>>> File >>>>> "/usr/lib/python2.7/site-packages/ansible/runner/connection.py", line 52, >>>>> in connect >>>>> self.active = conn.connect() >>>>> File >>>>> "/usr/lib/python2.7/site-packages/ansible/runner/connection_plugins/winrm.py", >>>>> >>>>> line 140, in connect >>>>> self.protocol = self._winrm_connect() >>>>> File >>>>> "/usr/lib/python2.7/site-packages/ansible/runner/connection_plugins/winrm.py", >>>>> >>>>> line 96, in _winrm_connect >>>>> protocol.send_message('') >>>>> File "/usr/lib/python2.7/site-packages/winrm/protocol.py", line 207, >>>>> in send_message >>>>> return self.transport.send_message(message) >>>>> File "/usr/lib/python2.7/site-packages/winrm/transport.py", line >>>>> 173, in send_message >>>>> response = self.session.send(prepared_request, >>>>> timeout=self.read_timeout_sec) >>>>> File "/usr/lib/python2.7/site-packages/requests/sessions.py", line >>>>> 585, in send >>>>> r = adapter.send(request, **kwargs) >>>>> File "/usr/lib/python2.7/site-packages/requests/adapters.py", line >>>>> 477, in send >>>>> raise SSLError(e, request=request) >>>>> SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed >>>>> (_ssl.c:765) >>>>> >>>>> Any idea about this error ? >>>>> >>>>> Thanks >>>>> >>>> -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/a80cf21b-8dd4-436d-bb7b-284abeaa0738%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
