Hi, You've hit the nail right on the head!! "Issue" solved...
Le jeudi 16 novembre 2017 13:19:18 UTC+1, [email protected] a écrit : > > Good morning, > > I'm struggling with an annoying issue with my current Ansible setup. > Ansible master server is configured and I'm testing basic connectiviy with > Linux and Windows nodes. > Connectivity with Linux nodes is working fine, ad-hoc commands return > expected values. > > Windows test node is configured with an HTTPs listener (with server > certificate installed), firewall is disabled, WinRM service is started and > available from other Windows hosts. So far I can successfully issue wman > commands locally & remotely from Windows nodes: > > test-wsman -computername winsrv01.domain.lan -Usessl > > wsmid : >> http://schemas.dmtf.org/wbem/wsman/identity/1/wsmanidentity.xsd >> ProtocolVersion : http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd >> ProductVendor : Microsoft Corporation >> ProductVersion : OS: 0.0.0 SP: 0.0 Stack: 3.0 > > > Ansible win_ping issued from Ansible server fails: > > ansible 2.4.0.0 >> >> config file = /etc/ansible/ansible.cfg >> >> configured module search path = >>> [u'/home/ansible/.ansible/plugins/modules', >>> u'/usr/share/ansible/plugins/modules'] >> >> ansible python module location = >>> /usr/lib/python2.7/site-packages/ansible >> >> executable location = /usr/bin/ansible >> >> python version = 2.7.5 (default, Aug 4 2017, 00:39:18) [GCC 4.8.5 >>> 20150623 (Red Hat 4.8.5-16)] >> >> Using /etc/ansible/ansible.cfg as config file >> >> setting up inventory plugins >> >> Set default localhost to localhost >> >> Parsed /etc/ansible/hosts inventory source with ini plugin >> >> Loading callback plugin minimal of type stdout, v2.0 from >>> /usr/lib/python2.7/site-packages/ansible/plugins/callback/__init__.pyc >> >> META: ran handlers >> >> Using module file >>> /usr/lib/python2.7/site-packages/ansible/modules/windows/win_ping.ps1 >> >> <winsrv01.DOMAIN.LAN> ESTABLISH SSH CONNECTION FOR USER:[email protected] >> >> <winsrv01.DOMAIN.LAN> SSH: ansible.cfg set ssh_args: >>> (-C)(-o)(ControlMaster=auto)(-o)(ControlPersist=60s) >> >> <winsrv01.DOMAIN.LAN> SSH: ANSIBLE_REMOTE_PORT/remote_port/ansible_port >>> set: (-o)(Port=5986) >> >> <winsrv01.DOMAIN.LAN> SSH: >>> ANSIBLE_PRIVATE_KEY_FILE/private_key_file/ansible_ssh_private_key_file set: >>> (-o)(IdentityFile="/home/ansible/.ssh/myrsakey") >> >> <winsrv01.DOMAIN.LAN> SSH: >>> ANSIBLE_REMOTE_USER/remote_user/ansible_user/user/-u set: >>> (-o)([email protected]) >> >> <winsrv01.DOMAIN.LAN> SSH: ANSIBLE_TIMEOUT/timeout set: >>> (-o)(ConnectTimeout=60) >> >> <winsrv01.DOMAIN.LAN> SSH: found only ControlPersist; added ControlPath: >>> (-o)(ControlPath=/home/ansible/.ansible/cp/208bf2aa12) >> >> <winsrv01.DOMAIN.LAN> SSH: EXEC sshpass -d12 ssh -vvv -C -o >>> ControlMaster=auto -o ControlPersist=60s -o Port=5986 -o >>> 'IdentityFile="/home/ansible/.ssh/myrsakey"' -o [email protected] -o >>> ConnectTimeout=60 -o ControlPath=/home/ansible/.ansible/cp/208bf2aa12 >>> winsrv01.DOMAIN.LAN '/bin/sh -c '"'"'echo ~ && sleep 0'"'"'' >> >> <winsrv01.DOMAIN.LAN> (255, '', 'OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 >>> Jan 2017\r\ndebug1: Reading configuration data >>> /etc/ssh/ssh_config\r\ndebug1: /etc/ssh/ssh_config line 58: Applying >>> options for *\r\ndebug1: auto-mux: Trying existing master\r\ndebug1: >>> Control socket "/home/ansible/.ansible/cp/208bf2aa12" does not >>> exist\r\ndebug2: resolving "winsrv01.DOMAIN.LAN" port 5986\r\ndebug2: >>> ssh_connect_direct: needpriv 0\r\ndebug1: Connecting to winsrv01.DOMAIN.LAN >>> [10.0.0.4] port 5986.\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug1: fd 3 >>> clearing O_NONBLOCK\r\ndebug1: Connection established.\r\ndebug3: timeout: >>> 59999 ms remain after connect\r\ndebug1: identity file >>> /home/ansible/.ssh/myrsakey type 1\r\ndebug1: key_load_public: No such file >>> or directory\r\ndebug1: identity file /home/ansible/.ssh/myrsakey-cert type >>> -1\r\ndebug1: Enabling compatibility mode for protocol 2.0\r\ndebug1: Local >>> version string SSH-2.0-OpenSSH_7.4\r\nConnection timed out during banner >>> exchange\r\n') >> >> winsrv01.DOMAIN.LAN | UNREACHABLE! => { >> >> "changed": false, >> >> "msg": "Failed to connect to the host via ssh: OpenSSH_7.4p1, OpenSSL >>> 1.0.2k-fips 26 Jan 2017\r\ndebug1: Reading configuration data >>> /etc/ssh/ssh_config\r\ndebug1: /etc/ssh/ssh_config line 58: Applying >>> options for *\r\ndebug1: auto-mux: Trying existing master\r\ndebug1: >>> Control socket \"/home/ansible/.ansible/cp/208bf2aa12\" does not >>> exist\r\ndebug2: resolving \"winsrv01.DOMAIN.LAN\" port 5986\r\ndebug2: >>> ssh_connect_direct: needpriv 0\r\ndebug1: Connecting to winsrv01.DOMAIN.LAN >>> [10.0.0.4] port 5986.\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug1: fd 3 >>> clearing O_NONBLOCK\r\ndebug1: Connection established.\r\ndebug3: timeout: >>> 59999 ms remain after connect\r\ndebug1: identity file >>> /home/ansible/.ssh/myrsakey type 1\r\ndebug1: key_load_public: No such file >>> or directory\r\ndebug1: identity file /home/ansible/.ssh/myrsakey-cert type >>> -1\r\ndebug1: Enabling compatibility mode for protocol 2.0\r\ndebug1: Local >>> version string SSH-2.0-OpenSSH_7.4\r\nConnection timed out during banner >>> exchange\r\n", >> >> "unreachable": true >> >> } >> >> pywinrm test script can properly connect to Windows node (after issuing >> kinit manually on Ansible server to grap a Kerberos ticket): >> > > python test_winrm.py > > > # test_winrm.py > > p = Protocol( > endpoint='https://winsrv01.domain.lan:5986/wsman',// > transport='kerberos', > username='[email protected]', > server_cert_validation='ignore') > > > shell_id = p.open_shell() > > > command_id = p.run_command(shell_id, 'hostname') > > > std_out, std_err, status_code = p.get_command_output(shell_id, command_id) > > > print std_out > > > Ansible "/etc/ansible/hosts" file : > > > [local] > localhost ansible_connection=local > > > [windows] > winsrv01.DOMAIN.LAN > > > [linux] > linuxsrv01.DOMAIN.LAN > > Ansible variables "/etc/ansible/group_vars/windows.yml: > > > --- > # /etc/ansible/group_vars/windows.ym > ansible_user: [email protected] > ansible_password: xxxxxxxxxxxxxxxx > ansible_port: 5986 > ansible_connexion: winrm > ansible_winrm_scheme: https > ansible_winrm_transport: kerberos,ntlm,plaintext > ansible_winrm_operation_timeout_sec: 60 > ansible_winrm_server_cert_validation: ignore > > > I'm not sure why debug messages show SSH stuff even if target host is a > Windows node... > > Help would be greatly appreciated > > Thanks in advance > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/948e51b9-9d82-46c3-b9e5-b13f77581747%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
