Is 'winTest' the hostname or the name of a group of hosts in your inventory?
the windows host(s) that you want to connect to will need to be in a group called 'windows' in your inventory. [windows] winTest ... other hosts The name of the group, windows, has to match the name of the file (minus .yml extension) in group_vars. Without this, ansible doesn't know that the host is a windows box and needs to connect via winrm etc, and just uses default ssh connection type. So that could be what's happening here. Hope that helps, Jon On Thursday, October 20, 2016 at 6:11:19 PM UTC+1, Matt Davis wrote: > > In 2.1 we had to back off on some of the automatic transport detection > stuff with the advent of NTLM and support for things like Microsoft > accounts- try adding > > ansible_winrm_transport=kerberos > > to your inventory... > > On Thursday, October 20, 2016 at 10:01:29 AM UTC-7, [email protected] > <javascript:> wrote:I >> >> >> >> >> I am new to Ansible, so please bear with me.... I am trying to bring up >> an Ansible test environment whereby I can test config management against a >> Windows environment. The environment consists of an Ansible management >> server running Linux Red Hat Enterprise Linux Server release 6.7 and a test >> Windows 2012 R2 server. I believe I have all the necessary packages >> installed to support the WinRM/Kerberos connection from the Ansible >> management server to the Windows server. Here are the packages I believe to >> have been installed on the Ansible management server to support Windows: >> >> pywinrm >> python-devel >> krb5-devel >> krb5-libs >> krb5-workstation >> kerberos >> requests-kerberos >> >> I have updated /etc/krb5.conf file. When I run a "kinit ' >> [email protected] <javascript:>" on the Ansible management server I >> get the following: >> >> ansible@servername:/home/ansible # kinit [email protected] >> <javascript:> >> Password for [email protected] <javascript:>: >> ansible@servername:/home/ansible # >> >> I then ran a "klist" to ensure the kerberos connection was made: >> >> >> ansible@servername:/home/ansible # klist >> Ticket cache: FILE:/tmp/krb5cc_5000 >> Default principal: [email protected] <javascript:> >> >> Valid starting Expires Service principal >> 10/20/16 07:17:28 10/20/16 17:17:58 krbtgt/[email protected] >> <javascript:> >> renew until 10/21/16 07:17:28 >> ansible@servername:/home/ansible # >> >> I then created a /group_vars/windows.yml file consisting of the following: >> >> ansible_user: [email protected] <javascript:> >> ansible_password: xxxxx >> ansible_port: 5986 >> ansible_connection: winrm >> ansible_winrm_server_cert_validation: ignore >> >> but when I go to run a "ansible winTest -m win_ping -vvvv" it appears the >> it is trying an SSL connection instead of a winrm connection, possibly?: >> >> >> ansible@servername:/home/ansible # ansible winTest -m win_ping -vvvvv >> Using /home/ansible/.ansible.cfg as config file >> Loaded callback minimal of type stdout, v2.0 >> <172.31.0.166> ESTABLISH SSH CONNECTION FOR USER: None >> <172.31.0.166> SSH: ansible.cfg set ssh_args: >> (-o)(ControlMaster=auto)(-o)(ControlPersist=60s) >> <172.31.0.166> SSH: ansible_password/ansible_ssh_pass not set: >> (-o)(KbdInteractiveAuthentication=no)(-o)(PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey)(-o)(PasswordAuthentication=no) >> <172.31.0.166> SSH: ANSIBLE_TIMEOUT/timeout set: (-o)(ConnectTimeout=10) >> <172.31.0.166> SSH: PlayContext set ssh_common_args: () >> <172.31.0.166> SSH: PlayContext set ssh_extra_args: () >> <172.31.0.166> SSH: found only ControlPersist; added ControlPath: >> (-o)(ControlPath=/home/ansible/.ansible/cp/ansible-ssh-%h-%p-%r) >> <172.31.0.166> SSH: EXEC ssh -C -vvv -o ControlMaster=auto -o >> ControlPersist=60s -o KbdInteractiveAuthentication=no -o >> PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey >> -o PasswordAuthentication=no -o ConnectTimeout=10 -o >> ControlPath=/home/ansible/.ansible/cp/ansible-ssh-%h-%p-%r xxx.xx.x.xxx >> '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo >> $HOME/.ansible/tmp/ansible-tmp-1476962695.95-263373308192487 `" && echo >> ansible-tmp-1476962695.95-263373308192487="` echo >> $HOME/.ansible/tmp/ansible-tmp-1476962695.95-263373308192487 `" ) && sleep >> 0'"'"'' >> xxx.xx.x.xxx | UNREACHABLE! => { >> "changed": false, >> "msg": "Failed to connect to the host via ssh.", >> "unreachable": true >> } >> ansible@servername:/home/ansible # >> >> >> If I telnet to the windows server it appears the port is open: >> >> ansibleservername:/home/ansible # telnet xxx.xx.x.xxx 5985 >> Trying xxx.xx.x.xxx... >> Connected to xxx.xx.x.xxx. >> Escape character is '^]'. >> >> >> and if I verify that remoting is working on the windows server it appears >> to be working locally: >> >> PS C:\Users\XXXXXX> $Credential = Get-Credential >> >> cmdlet Get-Credential at command pipeline position 1 >> Supply values for the following parameters: >> Credential >> PS C:\Users\XXXXXX> $Session = New-PSSession -Credential $Credential >> -ComputerName xxx.xx.x.xxx >> PS C:\Users\XXXXXX> Invoke-Command -Session $Session -ScriptBlock {gci >> e:\} >> >> >> Directory: E:\ >> >> >> Mode LastWriteTime Length Name >> PSComputerName >> ---- ------------- ------ ---- >> -------------- >> d---- 10/19/2016 1:11 PM Applications >> xxx.xx.x.xxx >> da--- 10/19/2016 1:06 PM Logs >> xxx.xx.x.xxx >> d---- 10/19/2016 1:11 PM temp >> xxx.xx.x.xxx >> >> >> PS C:\Users\XXXXXX> >> >> >> I also tried to connect to WinRM from another Windows server: >> >> PS C:\Users\XXXXX> $Credential = Get-Credential >> >> cmdlet Get-Credential at command pipeline position 1 >> Supply values for the following parameters: >> Credential >> PS C:\Users\XXXXXX> $Session = New-PSSession -Credential $Credential >> -ComputerName xxx.xx.x.xxx >> PS C:\Users\XXXXXX> Invoke-Command -Session $Session -ScriptBlock {gci >> e:\} >> >> >> Directory: E:\ >> >> >> Mode LastWriteTime Length Name >> PSComputerName >> ---- ------------- ------ ---- >> -------------- >> d---- 10/19/2016 1:11 PM Applications >> xxx.xx.x.xxx >> da--- 10/19/2016 1:06 PM Logs >> xxx.xx.x.xxx >> d---- 10/19/2016 1:11 PM temp >> xxx.xx.x.xxx >> >> >> PS C:\Users\XXXXXX> >> >> >> >> Is there a config step whereby I specify Ansible use a winrm connection >> that I missed? Any assitance would be greatly appreciated..... >> >> >> Thanks, >> >> Bob Wieberdink >> >> -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/432824b9-c6f5-409d-8ccf-34ada7c7e10d%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
