Sorry, I should have been clearer. 2.0.0.2 and 2.1.1 are ansible versions.
On Thursday, September 15, 2016 at 4:11:02 PM UTC+1, Surred wrote: > > Thanks for the response JH. I've moved the winrm connection details to > group_vars as you suggested, but am still not able to list the files of a > network share. You said you are using "2.0.0.2 / 2.1.1" Can you please > clarify those version numbers and what they are associated with? > > host file: > user@ansible:~/ansible> cat inventories/domain > [test] > dc1.domain.com > > > group_vars: > user@ansible:~/ansible> cat inventories/group_vars/test.yml > --- > > ansible_ssh_port: 5986 > ansible_connection: winrm > ansible_winrm_transport: kerberos > ansible_winrm_kerberos_delegation: yes > ansible_ssh_user: [email protected] <javascript:> > ansible_winrm_server_cert_validation: ignore > > > output of playbook (i've added a debug task to dump the variables): > user@ansible:~/ansible> ansible-playbook test.yml -i inventories/domain > -vvvvv > Using /home/user/ansible/ansible.cfg as config file > Loaded callback default of type stdout, v2.0 > > PLAYBOOK: test.yml > ************************************************************* > 1 plays in test.yml > > PLAY [list unc] > **************************************************************** > > TASK [display variables] > ******************************************************* > task path: /home/user/ansible/test.yml:6 > ok: [dc1.domain.com] => { > "hostvars[inventory_hostname]": { > "ansible_check_mode": false, > "ansible_connection": "winrm", > "ansible_ssh_port": 5986, > "ansible_ssh_user": "[email protected] <javascript:>", > "ansible_version": { > "full": "2.1.0.0", > "major": 2, > "minor": 1, > "revision": 0, > "string": "2.1.0.0" > }, > "ansible_winrm_kerberos_delegation": true, > "ansible_winrm_server_cert_validation": "ignore", > "ansible_winrm_transport": "kerberos", > "group_names": [ > "test" > ], > "groups": { > "all": [ > "dc1.domain.com" > ], > "test": [ > "dc1.domain.com" > ], > "ungrouped": [] > }, > "inventory_dir": "/home/user/ansible/inventories", > "inventory_file": "inventories/domain", > "inventory_hostname": "dc1.domain.com", > "inventory_hostname_short": "dc1", > "omit": > "__omit_place_holder__aefe246ae370864260078b474e205946a8274802", > "playbook_dir": "/home/user/ansible" > } > } > > TASK [list unc] > **************************************************************** > task path: /home/user/ansible/test.yml:9 > <dc1.domain.com> ESTABLISH WINRM CONNECTION FOR USER: [email protected] > <javascript:> on PORT 5986 TO dc1.domain.com > <dc1.domain.com> WINRM CONNECT: transport=kerberos endpoint= > https://dc1.domain.com:5986/wsman > <dc1.domain.com> WINRM OPEN SHELL: 33ADC923-1FA6-4D0D-B5AF-7A474202BD2E > <dc1.domain.com> EXEC Set-StrictMode -Version Latest > (New-Item -Type Directory -Path $env:temp -Name > "ansible-tmp-1473950183.23-4669660185733").FullName | Write-Host -Separator > ''; > <dc1.domain.com> WINRM EXEC u'PowerShell' [u'-NoProfile', > u'-NonInteractive', u'-ExecutionPolicy', u'Unrestricted', > u'-EncodedCommand', > u'UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAoAE4AZQB3AC0ASQB0AGUAbQAgAC0AVAB5AHAAZQAgAEQAaQByAGUAYwB0AG8AcgB5ACAALQBQAGEAdABoACAAJABlAG4AdgA6AHQAZQBtAHAAIAAtAE4AYQBtAGUAIAAiAGEAbgBzAGkAYgBsAGUALQB0AG0AcAAtADEANAA3ADMAOQA1ADAAMQA4ADMALgAyADMALQA0ADYANgA5ADYANgAwADEAOAA1ADcAMwAzACIAKQAuAEYAdQBsAGwATgBhAG0AZQAgAHwAIABXAHIAaQB0AGUALQBIAG8AcwB0ACAALQBTAGUAcABhAHIAYQB0AG8AcgAgACcAJwA7AA=='] > <dc1.domain.com> WINRM RESULT u'<Response code 0, out > "C:\\Users\\ansible_svc", err "">' > <dc1.domain.com> PUT "/home/user/ansible/test.ps1" TO > "C:\Users\ansible_svc\AppData\Local\Temp\ansible-tmp-1473950183.23-4669660185733\test.ps1" > <dc1.domain.com> WINRM PUT "/home/user/ansible/test.ps1" to > "C:\Users\ansible_svc\AppData\Local\Temp\ansible-tmp-1473950183.23-4669660185733\test.ps1" > > (offset=46 size=46) > <dc1.domain.com> EXEC & > > 'C:\Users\ansible_svc\AppData\Local\Temp\ansible-tmp-1473950183.23-4669660185733\test.ps1' > <dc1.domain.com> WINRM EXEC 'PowerShell' ['-NoProfile', > '-NonInteractive', '-ExecutionPolicy', 'Unrestricted', '-EncodedCommand', > 'JgAgACAAJwBDADoAXABVAHMAZQByAHMAXABhAG4AcwBpAGIAbABlAF8AcwB2AGMAXABBAHAAcABEAGEAdABhAFwATABvAGMAYQBsAFwAVABlAG0AcABcAGEAbgBzAGkAYgBsAGUALQB0AG0AcAAtADEANAA3ADMAOQA1ADAAMQA4ADMALgAyADMALQA0ADYANgA5ADYANgAwADEAOAA1ADcAMwAzAFwAdABlAHMAdAAuAHAAcwAxACcA'] > <dc1.domain.com> WINRM RESULT u'<Response code 0, out "", err "#< > CLIXML\r\n<Objs Ver">' > <dc1.domain.com> EXEC Set-StrictMode -Version Latest > Remove-Item > "C:\Users\ansible_svc\AppData\Local\Temp\ansible-tmp-1473950183.23-4669660185733" > > -Force -Recurse; > <dc1.domain.com> WINRM EXEC u'PowerShell' [u'-NoProfile', > u'-NonInteractive', u'-ExecutionPolicy', u'Unrestricted', > u'-EncodedCommand', > u'UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAGEAbgBzAGkAYgBsAGUAXwBzAHYAYwBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA0ADcAMwA5ADUAMAAxADgAMwAuADIAMwAtADQANgA2ADkANgA2ADAAMQA4ADUANwAzADMAIgAgAC0ARgBvAHIAYwBlACAALQBSAGUAYwB1AHIAcwBlADsA'] > <dc1.domain.com> WINRM RESULT u'<Response code 0, out "", err "">' > <dc1.domain.com> WINRM CLOSE SHELL: 33ADC923-1FA6-4D0D-B5AF-7A474202BD2E > changed: [dc1.domain.com] => {"changed": true, "invocation": > {"module_args": {"_raw_params": "/home/user/ansible/test.ps1"}, > "module_name": "script"}, "rc": 0, "stderr": "Get-ChildItem : Access is > denied\r\nAt > C:\\Users\\ansible_svc\\AppData\\Local\\Temp\\ansible-tmp-1473950183.23-4669660185\r\n733\\test.ps1:1 > > char:1\r\n+ Get-ChildItem \"\\\\sccm01\\SMS_ABC\\Client\"\r\n+ > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\r\n+ CategoryInfo : > PermissionDenied: (\\\\sccm01\\SMS_ABC\\Client \r\n:String) > [Get-ChildItem], UnauthorizedAccessException\r\n+ FullyQualifiedErrorId : > ItemExistsUnauthorizedAccessError,Microsoft.Powe > \r\nrShell.Commands.GetChildItemCommand\r\n\r\nGet-ChildItem : Cannot find > path '\\\\sccm01\\SMS_ABC\\Client' because it \r\ndoes not exist.\r\nAt > C:\\Users\\ansible_svc\\AppData\\Local\\Temp\\ansible-tmp-1473950183.23-4669660185\r\n733\\test.ps1:1 > > char:1\r\n+ Get-ChildItem \"\\\\sccm01\\SMS_ABC\\Client\"\r\n+ > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\r\n+ CategoryInfo : > ObjectNotFound: (\\\\sccm01\\SMS_ABC\\Client:S \r\ntring) [Get-ChildItem], > ItemNotFoundException\r\n+ FullyQualifiedErrorId : > PathNotFound,Microsoft.PowerShell.Commands.GetCh \r\nildItemCommand\r\n", > "stdout": "", "stdout_lines": []} > > PLAY RECAP > ********************************************************************* > dc1.domain.com : ok=2 changed=1 unreachable=0 failed=0 > > user@ansible:~/ansible> > > > > On Wednesday, September 14, 2016 at 12:52:13 PM UTC-5, Surred wrote: >> >> Hello, >> >> I'm having issues getting the double hop scenario working. To test >> kerberos delegation I have a simple PowerShell script that does a >> Get-ChildItem on a UNC path. When running the command manually on the host >> it works, but when executing as playbook with Ansible I get "Access >> Denied." Below is my configuration and the verbose output I receive. Any >> help or suggestions would be greatly appreciated. >> >> >> Environment: >> user@ansible:~/ansible> pip list 2>/dev/null | grep -i pywinrm >> pywinrm (0.2.0) >> >> user@ansible:~/ansible> ansible --version >> ansible 2.1.0.0 >> config file = /home/user/ansible/ansible.cfg >> configured module search path = Default w/o overrides >> >> user@ansible:~/ansible> cat /etc/*-release >> NAME="SLES" >> VERSION="11.4" >> VERSION_ID="11.4" >> PRETTY_NAME="SUSE Linux Enterprise Server 11 SP4" >> ID="sles" >> ANSI_COLOR="0;32" >> CPE_NAME="cpe:/o:suse:sles:11:4" >> SUSE Linux Enterprise Server 11 (x86_64) >> VERSION = 11 >> PATCHLEVEL = 4 >> >> >> Inventory excerpt: >> [all:vars] >> ansible_ssh_port=5986 >> ansible_connection=winrm >> ansible_winrm_transport=kerberos >> ansible_winrm_kerberos_delegation=yes >> [email protected] <javascript:> >> ansible_winrm_server_cert_validation=ignore >> >> Playbook output: >> user@ansible:~/ansible> ansible-playbook test.yml -i inventories/domain >> -vvvvv >> Using /home/user/ansible/ansible.cfg as config file >> Loaded callback default of type stdout, v2.0 >> >> PLAYBOOK: test.yml >> ************************************************************* >> 1 plays in test.yml >> >> PLAY [list unc] >> **************************************************************** >> >> TASK [list unc] >> **************************************************************** >> task path: /home/user/ansible/test.yml:6 >> <dc1.domain.com> ESTABLISH WINRM CONNECTION FOR USER: [email protected] >> <javascript:> on PORT 5986 TO dc1.domain.com >> <dc1.domain.com> WINRM CONNECT: transport=kerberos endpoint= >> https://dc1.domain.com:5986/wsman >> <dc1.domain.com> WINRM OPEN SHELL: 33CC652E-0DED-4C66-B898-2860580A29A8 >> <dc1.domain.com> EXEC Set-StrictMode -Version Latest >> (New-Item -Type Directory -Path $env:temp -Name >> "ansible-tmp-1473809521.62-137672088908702").FullName | Write-Host >> -Separator ''; >> <dc1.domain.com> WINRM EXEC u'PowerShell' [u'-NoProfile', >> u'-NonInteractive', u'-ExecutionPolicy', u'Unrestricted', >> u'-EncodedCommand', >> u'UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAoAE4AZQB3AC0ASQB0AGUAbQAgAC0AVAB5AHAAZQAgAEQAaQByAGUAYwB0AG8AcgB5ACAALQBQAGEAdABoACAAJABlAG4AdgA6AHQAZQBtAHAAIAAtAE4AYQBtAGUAIAAiAGEAbgBzAGkAYgBsAGUALQB0AG0AcAAtADEANAA3ADMAOAAwADkANQAyADEALgA2ADIALQAxADMANwA2ADcAMgAwADgAOAA5ADAAOAA3ADAAMgAiACkALgBGAHUAbABsAE4AYQBtAGUAIAB8ACAAVwByAGkAdABlAC0ASABvAHMAdAAgAC0AUwBlAHAAYQByAGEAdABvAHIAIAAnACcAOwA='] >> <dc1.domain.com> WINRM RESULT u'<Response code 0, out >> "C:\\Users\\ansible_svc", err "">' >> <dc1.domain.com> PUT "/home/user/ansible/test.ps1" TO >> "C:\Users\ansible_svc\AppData\Local\Temp\ansible-tmp-1473809521.62-137672088908702\test.ps1" >> <dc1.domain.com> WINRM PUT "/home/user/ansible/test.ps1" to >> "C:\Users\ansible_svc\AppData\Local\Temp\ansible-tmp-1473809521.62-137672088908702\test.ps1" >> >> (offset=46 size=46) >> <dc1.domain.com> EXEC & >> >> 'C:\Users\ansible_svc\AppData\Local\Temp\ansible-tmp-1473809521.62-137672088908702\test.ps1' >> <dc1.domain.com> WINRM EXEC 'PowerShell' ['-NoProfile', >> '-NonInteractive', '-ExecutionPolicy', 'Unrestricted', '-EncodedCommand', >> 'JgAgACAAJwBDADoAXABVAHMAZQByAHMAXABhAG4AcwBpAGIAbABlAF8AcwB2AGMAXABBAHAAcABEAGEAdABhAFwATABvAGMAYQBsAFwAVABlAG0AcABcAGEAbgBzAGkAYgBsAGUALQB0AG0AcAAtADEANAA3ADMAOAAwADkANQAyADEALgA2ADIALQAxADMANwA2ADcAMgAwADgAOAA5ADAAOAA3ADAAMgBcAHQAZQBzAHQALgBwAHMAMQAnAA=='] >> <dc1.domain.com> WINRM RESULT u'<Response code 0, out "", err "#< >> CLIXML\r\n<Objs Ver">' >> <dc1.domain.com> EXEC Set-StrictMode -Version Latest >> Remove-Item >> "C:\Users\ansible_svc\AppData\Local\Temp\ansible-tmp-1473809521.62-137672088908702" >> >> -Force -Recurse; >> <dc1.domain.com> WINRM EXEC u'PowerShell' [u'-NoProfile', >> u'-NonInteractive', u'-ExecutionPolicy', u'Unrestricted', >> u'-EncodedCommand', >> u'UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAGEAbgBzAGkAYgBsAGUAXwBzAHYAYwBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA0ADcAMwA4ADAAOQA1ADIAMQAuADYAMgAtADEAMwA3ADYANwAyADAAOAA4ADkAMAA4ADcAMAAyACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AA=='] >> <dc1.domain.com> WINRM RESULT u'<Response code 0, out "", err "">' >> <dc1.domain.com> WINRM CLOSE SHELL: 33CC652E-0DED-4C66-B898-2860580A29A8 >> changed: [dc1.domain.com] => {"changed": true, "invocation": >> {"module_args": {"_raw_params": "/home/user/ansible/test.ps1"}, >> "module_name": "script"}, "rc": 0, "stderr": "Get-ChildItem : Access is >> denied\r\nAt >> C:\\Users\\ansible_svc\\AppData\\Local\\Temp\\ansible-tmp-1473809521.62-1376720889\r\n08702\\test.ps1:1 >> >> char:1\r\n+ Get-ChildItem \"\\\\sccm01\\SMS_ABC\\Client\"\r\n+ >> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\r\n+ CategoryInfo : >> PermissionDenied: (\\\\sccm01\\SMS_ABC\\Client \r\n:String) >> [Get-ChildItem], UnauthorizedAccessException\r\n+ FullyQualifiedErrorId : >> ItemExistsUnauthorizedAccessError,Microsoft.Powe >> \r\nrShell.Commands.GetChildItemCommand\r\n\r\nGet-ChildItem : Cannot find >> path '\\\\sccm01\\SMS_ABC\\Client' because it \r\ndoes not exist.\r\nAt >> C:\\Users\\ansible_svc\\AppData\\Local\\Temp\\ansible-tmp-1473809521.62-1376720889\r\n08702\\test.ps1:1 >> >> char:1\r\n+ Get-ChildItem \"\\\\sccm01\\SMS_ABC\\Client\"\r\n+ >> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\r\n+ CategoryInfo : >> ObjectNotFound: (\\\\sccm01\\SMS_ABC\\Client:S \r\ntring) [Get-ChildItem], >> ItemNotFoundException\r\n+ FullyQualifiedErrorId : >> PathNotFound,Microsoft.PowerShell.Commands.GetCh \r\nildItemCommand\r\n", >> "stdout": "", "stdout_lines": []} >> >> PLAY RECAP >> ********************************************************************* >> dc1.domain.com : ok=1 changed=1 unreachable=0 failed=0 >> >> user@ansible:~/ansible> >> > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/0483e38c-e4fb-447b-9272-ddc68bcc3fcb%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
