I've checked the eventlog and it appears that ansible was trying to become
root instead of the username from the vars.
I've dig again here to find some examples of become and i found one of your
answers:
https://groups.google.com/forum/#!searchin/ansible-project/windows$20become%7Csort:date/ansible-project/g205HMIEjws/tYYMEzlSBQAJ
Bottom line, it's working like that - and using the -K flag @ command line.
---
- hosts: windows
gather_facts: no
tasks:
- name: Check Visual studio Code file
win_stat:
path: \\some\dfs\path\VSCodeSetup-1.8.1.exe
register: result
state: present
become: yes
become_method: runas
become_user: ansible@domain
Thank you Jordan!
On Tuesday, February 6, 2018 at 2:11:30 PM UTC+2, Jeremie Levy wrote:
>
> Also Tried
> ---
> - hosts: windows
> gather_facts: no
> vars:
> - username: ansible@DOMAIN
> - password: password
> become_method: runas
> tasks:
> - name: Check Visual studio Code file
> win_stat:
> path: \\some\dfs\path\VSCodeSetup-1.8.1.exe
> register: result
> state: present
> become: yes
>
> And got:
>
> ansible-playbook 2.5.0 (devel 575e9e9294) last updated 2018/02/06 08:39:18
> (GMT +300)
> config file = /ansible/scripts/ansible.cfg
>
> configured module search path =
> [u'/home/ansible/.ansible/plugins/modules',
> u'/usr/share/ansible/plugins/modules']
> ansible python module location = /ansible/scripts/ansible/lib/ansible
>
> executable location = /ansible/scripts/ansible/bin/ansible-playbook
>
> python version = 2.7.12 (default, Dec 4 2017, 14:50:18) [GCC 5.4.0
> 20160609]
> Using /ansible/scripts/ansible.cfg as config file
>
> setting up inventory plugins
>
> Parsed /scripts/windows-inventory.yml inventory source with yaml plugin
>
> Loading callback plugin default of type stdout, v2.0 from
> /ansible/scripts/ansible/lib/ansible/plugins/callback/default.pyc
>
>
>
>
> <hasgappqba2303.domain> WINRM STDERR
> <hasgappqba2303.domain> WINRM CLOSE SHELL:
> AC3CF2B5-A044-43DF-A24B-53DB23624226
> The full traceback is:
> Exception calling "RunAsUser" with "7" argument(s): "LogonUser failed (The
> user name or password is incorrect,
> Win32ErrorCode 1326)"
> At line:1062 char:9
> + $result = [Ansible.BecomeUtil]::RunAsUser($username, $passwor ...
> + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> + CategoryInfo : NotSpecified: (:) [],
> MethodInvocationException
> + FullyQualifiedErrorId : Win32Exception
>
>
> fatal: [hasgappqba2303.domain]: FAILED! => {
> "changed": false,
> "failed": true,
> "msg": "Exception calling \"RunAsUser\" with \"7\" argument(s):
> \"LogonUser failed (The user name or password is incorrect, Win32ErrorCode
> 1326)\""
> }
>
>
>
>
> On Tuesday, February 6, 2018 at 12:45:31 PM UTC+2, Jeremie Levy wrote:
>>
>> Win_package is working fine locally. I'm downloading all the SW i need
>> and install them locally
>> win_stat:
>> TASK [Check Visual studio Code file]
>> ***************************************************************************************************************************************************************************************************************************************************************************************
>> task path: /ansible/scripts/win_stat.yaml:4
>> Using module file
>> /usr/lib/python2.7/dist-packages/ansible/modules/windows/win_stat.ps1
>> Using module file
>> /usr/lib/python2.7/dist-packages/ansible/modules/windows/win_stat.ps1
>> <hasgappqba2302.domain> ESTABLISH WINRM CONNECTION FOR USER: ansible@
>> domain on PORT 5986 TO hasgappqba2302.domain
>> <hasgappqba2303.domain> ESTABLISH WINRM CONNECTION FOR USER: ansible@
>> domain on PORT 5986 TO hasgappqba2303.domain
>> creating Kerberos CC at /tmp/tmpMi3utN
>> creating Kerberos CC at /tmp/tmpUIFzBS
>> calling kinit for principal ansible@domain
>> calling kinit for principal ansible@domain
>> kinit succeeded for principal ansible@domain
>> <hasgappqba2302.domain> WINRM CONNECT: transport=kerberos endpoint=
>> https://hasgappqba2302.domain:5986/wsman
>> kinit succeeded for principal ansible@domain
>> <hasgappqba2303.domain> WINRM CONNECT: transport=kerberos endpoint=
>> https://hasgappqba2303.domain:5986/wsman
>> <hasgappqba2302.domain> WINRM OPEN SHELL:
>> FA267E6D-94C1-4BF1-AD41-75900BCC25DC
>> <hasgappqba2303.domain> WINRM OPEN SHELL:
>> 47C7EA5A-202C-4560-B54B-B614A3C8B9C7
>> EXEC (via pipeline wrapper)
>> EXEC (via pipeline wrapper)
>> <hasgappqba2302.domain> WINRM EXEC 'PowerShell' ['-NoProfile',
>> '-NonInteractive', '-ExecutionPolicy', 'Unrestricted', '-']
>> <hasgappqba2303.domain> WINRM EXEC 'PowerShell' ['-NoProfile',
>> '-NonInteractive', '-ExecutionPolicy', 'Unrestricted', '-']
>> <hasgappqba2303.domain> WINRM RESULT u'<Response code 1, out
>> "{"changed":false,"st", err "Test-Path : Access i">'
>> <hasgappqba2303.domain> WINRM STDOUT
>> {"changed":false,"stat":{"exists":false}}
>>
>> <hasgappqba2303.domain> WINRM STDERR Test-Path : Access is denied
>> At line:91 char:5
>> + If (Test-Path -Path $path)
>> + ~~~~~~~~~~~~~~~~~~~~~
>> + CategoryInfo : PermissionDenied:
>> (\\some\dfs\path\j...Setup-1.8.1.exe:String) [Test-Path], UnauthorizedAc
>> cessException
>> + FullyQualifiedErrorId :
>> ItemExistsUnauthorizedAccessError,Microsoft.PowerShell.Commands.TestPathCommand
>>
>>
>>
>> <hasgappqba2303.domain> WINRM CLOSE SHELL:
>> 47C7EA5A-202C-4560-B54B-B614A3C8B9C7
>> ok: [hasgappqba2303.domain] => {
>> "changed": false,
>> "stat": {
>> "exists": false
>> }
>> }
>> <hasgappqba2302.domain> WINRM RESULT u'<Response code 1, out
>> "{"changed":false,"st", err "Test-Path : Access i">'
>> <hasgappqba2302.domain> WINRM STDOUT
>> {"changed":false,"stat":{"exists":false}}
>>
>> <hasgappqba2302.domain> WINRM STDERR Test-Path : Access is denied
>> At line:91 char:5
>> + If (Test-Path -Path $path)
>> + ~~~~~~~~~~~~~~~~~~~~~
>> + CategoryInfo : PermissionDenied:
>> (\\some\dfs\path\j...Setup-1.8.1.exe:String) [Test-Path], UnauthorizedAc
>> cessException
>> + FullyQualifiedErrorId :
>> ItemExistsUnauthorizedAccessError,Microsoft.PowerShell.Commands.TestPathCommand
>>
>>
>>
>> <hasgappqba2302.domain> WINRM CLOSE SHELL:
>> FA267E6D-94C1-4BF1-AD41-75900BCC25DC
>> ok: [hasgappqba2302.domain] => {
>> "changed": false,
>> "stat": {
>> "exists": false
>> }
>> }
>> META: ran handlers
>> META: ran handlers
>>
>> PLAY RECAP
>> *****************************************************************************************************************************************************************************************************************************************************************************************************************
>> hasgappqba2302.domain : ok=2 changed=0 unreachable=0 failed=0
>> hasgappqba2303.domain : ok=2 changed=0 unreachable=0 failed=0
>>
>>
>> I am not sure how to use ansible_user variable, in the inventory file or
>> the playbook ?
>> fatal: [hasgappqba2303.domain]: FAILED! => {
>> "failed": true,
>> "msg": "Internal Error: this connection module does not support
>> running commands via sudo"
>> }
>> With:
>> tasks:
>> - name: Check Visual studio Code file
>> win_stat:
>> path: \\some\dfs\path\VSCodeSetup-1.8.1.exe
>> register: result
>> state: present
>> become: yes
>> become_user: ansible
>>
>> I've downloaded version 2.5 and this is the result i got...
>>
>> Any direction?
>>
>>
>> On Tuesday, February 6, 2018 at 4:02:27 AM UTC+2, Jordan Borean wrote:
>>>
>>> What I would try so that we can narrow down the issue
>>>
>>> * Run win_package but set the path to a local path and see if that works
>>> * Run a win_stat of the network path executable and see if it sees the
>>> file (exists is True)
>>> * Use the username/password options and set it to "{{ ansible_user }}"
>>> and "{{ ansible_password }}" respectively as that will be used when copying
>>> the file locally
>>> * If you are on Ansible 2.5 (or the devel branch), see if become works
>>> it should run the module as you would when logged on locally
>>>
>>> Thanks
>>>
>>> Jordan
>>>
>>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/7af10319-30fc-45ce-99a6-32467c667227%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
