Hi, I am also getting the same error when i tried to run a play with *host: local *and a task with *delegate_to: windows *in ubuntu 14.04. But the same task works if I specify the *host: windows *at play level. Can anyone help me in this?
On Friday, June 24, 2016 at 8:00:31 AM UTC-5, skinnedknuckles wrote: > > Here is a list of 9 items to check. You may already have done all of > these but skipping any one of them will prevent it from working. > > > https://groups.google.com/forum/?utm_medium=email&utm_source=footer#!topic/ansible-project/HKgh7jtsFsk > > On Thursday, June 23, 2016 at 9:32:51 AM UTC-5, František Griga wrote: >> >> Hello, >> >> I have a problem with using Ansible to manage Windows machines. >> >> I have one virtual machine with Debian 8, Ansible 2.1.0.0 installed >> through PPA and Python 2.7.9. Then I have a second VM with Windows 10. I >> would like to send commands from Debian (Ansible) machine to Windows >> machine using WinRM through HTTPS (I do not want to use Kerberos - I >> need to connect to Windows local account), but something goes wrong. If >> I use "ansible_winrm_server_cert_validation: ignore" conf option, >> everything is fine - I have this: >> >> root@debx-test:~# ansible 192.168.0.1 -m win_ping >> 192.168.0.1 | SUCCESS => { >> "changed": false, >> "ping": "pong" >> } >> >> but that is something I do not want to use, because I considere that as >> a security risk. When I turn the option off, I have this: >> >> root@debx-test:~# ansible 192.168.0.1 -m win_ping -vvvvv >> Using /etc/ansible/ansible.cfg as config file >> Loaded callback minimal of type stdout, v2.0 >> <192.168.0.1> ESTABLISH WINRM CONNECTION FOR USER: admin on PORT 5986 TO >> 192.168.0.1 >> <192.168.0.1> WINRM CONNECT: transport=plaintext >> endpoint=https://192.168.0.1:5986/wsman >> <192.168.0.1> WINRM CONNECTION ERROR: ("bad handshake: Error([('SSL >> routines', 'SSL3_GET_SERVER_CERTIFICATE', 'certificate verify >> failed')],)",) >> Traceback (most recent call last): >> File >> "/usr/lib/python2.7/dist-packages/ansible/plugins/connection/winrm.py", >> line 152, in _winrm_connect >> self.shell_id = protocol.open_shell(codepage=65001) # UTF-8 >> File "/usr/local/lib/python2.7/dist-packages/winrm/protocol.py", line >> 132, in open_shell >> res = self.send_message(xmltodict.unparse(req)) >> File "/usr/local/lib/python2.7/dist-packages/winrm/protocol.py", line >> 207, in send_message >> return self.transport.send_message(message) >> File "/usr/local/lib/python2.7/dist-packages/winrm/transport.py", >> line 173, in send_message >> response = self.session.send(prepared_request, >> timeout=self.read_timeout_sec) >> File "/usr/local/lib/python2.7/dist-packages/requests/sessions.py", >> line 585, in send >> r = adapter.send(request, **kwargs) >> File "/usr/local/lib/python2.7/dist-packages/requests/adapters.py", >> line 477, in send >> raise SSLError(e, request=request) >> SSLError: ("bad handshake: Error([('SSL routines', >> 'SSL3_GET_SERVER_CERTIFICATE', 'certificate verify failed')],)",) >> >> 192.168.0.1 | UNREACHABLE! => { >> "changed": false, >> "msg": "plaintext: (\"bad handshake: Error([('SSL routines', >> 'SSL3_GET_SERVER_CERTIFICATE', 'certificate verify failed')],)\",)", >> "unreachable": true >> } >> >> does not matter, what certificate I am using. I tried to create CA on >> Ansible machine, sign Windows CSR, import certificate to Windows, >> reconfigure HTTPS listener and import CA certificate to trusted >> certificates on Debian - does not help. I am sure I did everything OK, >> because it is working for example on the test web server on Windows >> machine. >> >> Is it possible to run Ansible with Windows really securelly? How? What >> should I try? >> >> Thanks for reply, >> Frantisek Griga >> >> -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/e431ad1b-8dc4-42a7-ab4e-5b72e46e035a%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
