Hi Jordan, Thank you for the suggestion on the inventory management. We can 
currently target any instance based on their tags. Here is the command I am 
using to issue the playbook. 


*ansible-playbook playbooks/windows.yml -e "target=tag_product_cse"*

*Here is the information you requested. *

$ pip list
DEPRECATION: The default format will switch to columns in the future. You can use --format=(legacy|columns) (or define a format=(legacy|columns) in your pip.conf under the [list] section) to disable this warning.
ansible (2.3.2.0)
aws-amicleaner (0.1.2)
awscli (1.11.133)
blessings (1.6)
boto (2.48.0)
boto3 (1.4.6)
botocore (1.6.0)
certifi (2017.7.27.1)
cffi (1.9.1)
chardet (3.0.4)
colorama (0.3.7)
docutils (0.14)
ecdsa (0.13)
enum34 (1.1.6)
futures (3.1.1)
httplib2 (0.9.1)
hvac (0.3.0)
idna (2.5)
ipaddress (1.0.18)
Jinja2 (2.8)
jmespath (0.9.3)
kerberos (1.2.5)
MarkupSafe (0.23)
ntlm-auth (1.0.5)
ordereddict (1.1)
paramiko (1.16.0)
pip (9.0.1)
prettytable (0.7.2)
pyasn1 (0.2.3)
pycparser (2.17)
pycrypto (2.6.1)
python-dateutil (2.6.1)
pywinrm (0.3.0b1)
PyYAML (3.12)
requests (2.18.3)
requests-ntlm (1.0.0)
rsa (3.4.2)
s3transfer (0.1.10)
setuptools (20.7.0)
six (1.10.0)
termcolor (1.1.0)
urllib3 (1.22)
virtualenv (15.1.0)
wheel (0.29.0)
xmltodict (0.11.0)


$ ansible --version
ansible 2.3.2.0
config file = /etc/ansible/ansible.cfg
configured module search path = Default w/o overrides
python version = 2.7.12 (default, Nov 20 2017, 18:23:56) [GCC 5.4.0 20160609]

$ python --version
Python 2.7.12


*Here are the changes I made to the following files: *

*playbooks/windows.yml, roles/windows/task/main.yml, 
inventory/group_vars/windows.yml*

*Playbook: playbooks/windows.yml*


---
- name: run test on Windows host
  hosts: '{{target}}'
  gather_facts: no
  roles:
    - windows
  vars_files:
    - "/home/ubuntu/infratools/ansible/inventory/group_vars/windows.yml"


*Task: roles/windows/task/main.yml*


---
# Obtain information about a folder
- debug:
    var: ansible_winrm_server_cert_validation
- win_stat:
    path: C:\Users
  register: folder_info


*Windows Var: /inventory/group_vars/windows.yml*


ansible_user: username
ansible_password: "#######"
ansible_port: 5986
ansible_connection: winrm
ansible_winrm_transport: ssl
#ansible_winrm_scheme: ntlm
# The following is necessary for Python 2.7.9+ when using default WinRM self-signed certificates:
ansible_winrm_server_cert_validation: ignore


*##############################################################################*

*##############################################################################*

Based on the results it appears that *ansible_winrm_server_cert_validation: 
ignore* is being recognized. Unfortunately, the issue persists. Below are 
the results of running the command. 



$ ansible-playbook playbooks/windows.yml -e "target=tag_product_cse"


PLAY [run test on Windows host] 
*******************************************************************************************************


TASK [windows : debug] 
****************************************************************************************************************

ok: [x.x.x.x] => {

    "ansible_winrm_server_cert_validation": "ignore"


TASK [windows : win_stat] 
*************************************************************************************************************

fatal: [x.x.x.x]: UNREACHABLE! => {"changed": false, "msg": "ssl: HTTPSConnectionPool(host='x.x.x.x', port=5986): Max retries exceeded with url: /wsman (Caused by SSLError(SSLError(1, u'[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)'),))", "unreachable": true}



Thank you!! All your efforts are greatly appreciated!



On Monday, December 18, 2017 at 4:19:05 PM UTC-5, Jordan Borean wrote:
>
> I believe I may know what is happening and this was fixed in the latest 
> devel branch so you can try that out if you like. Looks like it is failing 
> to gather facts before it gets to your debug task, can you set *gather_facts: 
> no* in your playbook as I'm really curious if the cert validation is 
> being set properly.
>
> A few other things that would be helpful to know
>
> * Run *pip list* and post the output
> * What version of Ansible are you on
> * What version of Python 2.7 are you on
> * If you turn on fact gathering, does it work if you explicitly set the 
> ignore var on the stat task like so
>
> - win_stat:
>     path: C:\Users
>   vars:
>     ansible_winrm_server_cert_validation: ignore
>
> Looks like you are using a dynamic inventory for your AWS hosts, instead 
> of having include_vars to point to the Windows vars file I would create an 
> actual windows group in that inventory and add those hosts in 
> there. In the end it would look something similar to this (untested)
>
> # inventory/hosts
> [tag_OSType_Windows]
> # keep empty, is populated in the dynamic inventory
>
> [windows:children]
> tag_OSType_Windows
>
> # inventory/ec2.py
> ... keep as normal, just to show how to mix/match dynamic and static 
> inventories
>
> # inventory/ec2.ini
> ... keep as normal
>
> # group_vars/windows.yml
> ansible_user: username
> ansible_password: "#####"
> ansible_port: 5986
> ansible_connection: winrm
> ansible_winrm_scheme: https
> # The following is necessary for Python 2.7.9+ when using default WinRM self-signed certificates:
> ansible_winrm_server_cert_validation: ignore
>
> # playbooks/windows.yml
> - name: run test on Windows host
>   hosts: '{{target}}'
>   tasks:
>   - win_stat:
>       path: C:\Users
>   
> From there you would add a tag to the newly created instances OSType: 
> Windows so that when Ansible reads it from the inventory it is 
> automatically put in the Windows group. Even though you are running the 
> playbook on the one host it will inherit the group based on that tag which 
> in turn gets the Windows vars required.
>
> Thanks
>
> Jordan
>
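
Added example, not part of the original thread and not Ansible's own code: a simplified model of the static-plus-dynamic inventory layout suggested in the quoted reply, showing that only a host carrying the OSType: Windows tag lands in the windows group and picks up its variables, including ansible_winrm_server_cert_validation. The host addresses, the dynamic-inventory dictionary and the function names are constructed for illustration, and Ansible's variable precedence rules are not modelled.

```python
# Added example with constructed data; a simplified model, not Ansible's code.
STATIC_HOSTS = """\
[tag_OSType_Windows]
# keep empty, is populated in the dynamic inventory
[windows:children]
tag_OSType_Windows
"""
# Constructed stand-in for the group -> hosts mapping ec2.py would return.
DYNAMIC = {"tag_OSType_Windows": ["10.0.0.11"],
           "tag_product_cse": ["10.0.0.11", "10.0.0.12"]}
# From group_vars/windows.yml in the thread (credentials left out).
GROUP_VARS = {"windows": {"ansible_connection": "winrm", "ansible_port": 5986,
                          "ansible_winrm_server_cert_validation": "ignore"}}

def parse_static(text):
    """Return (hosts_by_group, children_by_group) for an INI inventory."""
    hosts, children, section, kind = {}, {}, None, "hosts"
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section, _, kind = line[1:-1].partition(":")
            kind = kind or "hosts"
            hosts.setdefault(section, [])
            children.setdefault(section, [])
        elif section and kind == "children":
            children[section].append(line)
        elif section and kind == "hosts":
            hosts[section].append(line.split()[0])
    return hosts, children

def groups_for(host, hosts, children):
    """Groups containing host, plus parents reached through :children."""
    found = {g for g, members in hosts.items() if host in members}
    for _ in children:  # one pass per group is enough to reach every parent
        for parent, kids in children.items():
            if found.intersection(kids):
                found.add(parent)
    return found

def effective_vars(host):
    hosts, children = parse_static(STATIC_HOSTS)
    for group, members in DYNAMIC.items():  # overlay the dynamic groups
        hosts.setdefault(group, []).extend(members)
    merged = {}
    for group in sorted(groups_for(host, hosts, children)):
        merged.update(GROUP_VARS.get(group, {}))
    return merged
```

Calling effective_vars("10.0.0.12") returns an empty dictionary because that constructed host has only the product tag, so neither the WinRM connection settings nor the certificate-validation override reach it.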
