Good morning, I'm struggling with an annoying issue with my current Ansible setup. Ansible master server is configured and I'm testing basic connectiviy with Linux and Windows nodes. Connectivity with Linux nodes is working fine, ad-hoc commands return expected values.
Windows test node is configured with an HTTPs listener (with server certificate installed), firewall is disabled, WinRM service is started and available from other Windows hosts. So far I can successfully issue wman commands locally & remotely from Windows nodes: test-wsman -computername winsrv01.domain.lan -Usessl wsmid : > http://schemas.dmtf.org/wbem/wsman/identity/1/wsmanidentity.xsd > ProtocolVersion : http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd > ProductVendor : Microsoft Corporation > ProductVersion : OS: 0.0.0 SP: 0.0 Stack: 3.0 Ansible win_ping issued from Ansible server fails: ansible 2.4.0.0 > > config file = /etc/ansible/ansible.cfg > > configured module search path = >> [u'/home/ansible/.ansible/plugins/modules', >> u'/usr/share/ansible/plugins/modules'] > > ansible python module location = /usr/lib/python2.7/site-packages/ansible > > executable location = /usr/bin/ansible > > python version = 2.7.5 (default, Aug 4 2017, 00:39:18) [GCC 4.8.5 >> 20150623 (Red Hat 4.8.5-16)] > > Using /etc/ansible/ansible.cfg as config file > > setting up inventory plugins > > Set default localhost to localhost > > Parsed /etc/ansible/hosts inventory source with ini plugin > > Loading callback plugin minimal of type stdout, v2.0 from >> /usr/lib/python2.7/site-packages/ansible/plugins/callback/__init__.pyc > > META: ran handlers > > Using module file >> /usr/lib/python2.7/site-packages/ansible/modules/windows/win_ping.ps1 > > <winsrv01.DOMAIN.LAN> ESTABLISH SSH CONNECTION FOR USER:[email protected] > > <winsrv01.DOMAIN.LAN> SSH: ansible.cfg set ssh_args: >> (-C)(-o)(ControlMaster=auto)(-o)(ControlPersist=60s) > > <winsrv01.DOMAIN.LAN> SSH: ANSIBLE_REMOTE_PORT/remote_port/ansible_port >> set: (-o)(Port=5986) > > <winsrv01.DOMAIN.LAN> SSH: >> ANSIBLE_PRIVATE_KEY_FILE/private_key_file/ansible_ssh_private_key_file set: >> (-o)(IdentityFile="/home/ansible/.ssh/myrsakey") > > <winsrv01.DOMAIN.LAN> SSH: >> ANSIBLE_REMOTE_USER/remote_user/ansible_user/user/-u set: >> (-o)([email protected]) > > <winsrv01.DOMAIN.LAN> SSH: ANSIBLE_TIMEOUT/timeout set: >> (-o)(ConnectTimeout=60) > > <winsrv01.DOMAIN.LAN> SSH: found only ControlPersist; added ControlPath: >> (-o)(ControlPath=/home/ansible/.ansible/cp/208bf2aa12) > > <winsrv01.DOMAIN.LAN> SSH: EXEC sshpass -d12 ssh -vvv -C -o >> ControlMaster=auto -o ControlPersist=60s -o Port=5986 -o >> 'IdentityFile="/home/ansible/.ssh/myrsakey"' -o [email protected] -o >> ConnectTimeout=60 -o ControlPath=/home/ansible/.ansible/cp/208bf2aa12 >> winsrv01.DOMAIN.LAN '/bin/sh -c '"'"'echo ~ && sleep 0'"'"'' > > <winsrv01.DOMAIN.LAN> (255, '', 'OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 >> Jan 2017\r\ndebug1: Reading configuration data >> /etc/ssh/ssh_config\r\ndebug1: /etc/ssh/ssh_config line 58: Applying >> options for *\r\ndebug1: auto-mux: Trying existing master\r\ndebug1: >> Control socket "/home/ansible/.ansible/cp/208bf2aa12" does not >> exist\r\ndebug2: resolving "winsrv01.DOMAIN.LAN" port 5986\r\ndebug2: >> ssh_connect_direct: needpriv 0\r\ndebug1: Connecting to winsrv01.DOMAIN.LAN >> [10.0.0.4] port 5986.\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug1: fd 3 >> clearing O_NONBLOCK\r\ndebug1: Connection established.\r\ndebug3: timeout: >> 59999 ms remain after connect\r\ndebug1: identity file >> /home/ansible/.ssh/myrsakey type 1\r\ndebug1: key_load_public: No such file >> or directory\r\ndebug1: identity file /home/ansible/.ssh/myrsakey-cert type >> -1\r\ndebug1: Enabling compatibility mode for protocol 2.0\r\ndebug1: Local >> version string SSH-2.0-OpenSSH_7.4\r\nConnection timed out during banner >> exchange\r\n') > > winsrv01.DOMAIN.LAN | UNREACHABLE! => { > > "changed": false, > > "msg": "Failed to connect to the host via ssh: OpenSSH_7.4p1, OpenSSL >> 1.0.2k-fips 26 Jan 2017\r\ndebug1: Reading configuration data >> /etc/ssh/ssh_config\r\ndebug1: /etc/ssh/ssh_config line 58: Applying >> options for *\r\ndebug1: auto-mux: Trying existing master\r\ndebug1: >> Control socket \"/home/ansible/.ansible/cp/208bf2aa12\" does not >> exist\r\ndebug2: resolving \"winsrv01.DOMAIN.LAN\" port 5986\r\ndebug2: >> ssh_connect_direct: needpriv 0\r\ndebug1: Connecting to winsrv01.DOMAIN.LAN >> [10.0.0.4] port 5986.\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug1: fd 3 >> clearing O_NONBLOCK\r\ndebug1: Connection established.\r\ndebug3: timeout: >> 59999 ms remain after connect\r\ndebug1: identity file >> /home/ansible/.ssh/myrsakey type 1\r\ndebug1: key_load_public: No such file >> or directory\r\ndebug1: identity file /home/ansible/.ssh/myrsakey-cert type >> -1\r\ndebug1: Enabling compatibility mode for protocol 2.0\r\ndebug1: Local >> version string SSH-2.0-OpenSSH_7.4\r\nConnection timed out during banner >> exchange\r\n", > > "unreachable": true > > } > > pywinrm test script can properly connect to Windows node (after issuing > kinit manually on Ansible server to grap a Kerberos ticket): > python test_winrm.py # test_winrm.py p = Protocol( endpoint='https://winsrv01.domain.lan:5986/wsman',// transport='kerberos', username='[email protected]', server_cert_validation='ignore') shell_id = p.open_shell() command_id = p.run_command(shell_id, 'hostname') std_out, std_err, status_code = p.get_command_output(shell_id, command_id) print std_out Ansible "/etc/ansible/hosts" file : [local] localhost ansible_connection=local [windows] winsrv01.DOMAIN.LAN [linux] linuxsrv01.DOMAIN.LAN Ansible variables "/etc/ansible/group_vars/windows.yml: --- # /etc/ansible/group_vars/windows.ym ansible_user: [email protected] ansible_password: xxxxxxxxxxxxxxxx ansible_port: 5986 ansible_connexion: winrm ansible_winrm_scheme: https ansible_winrm_transport: kerberos,ntlm,plaintext ansible_winrm_operation_timeout_sec: 60 ansible_winrm_server_cert_validation: ignore I'm not sure why debug messages show SSH stuff even if target host is a Windows node... Help would be greatly appreciated Thanks in advance -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/4315095a-d914-4820-9739-d2a710b7a8a6%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
