Hi Tran, Still, think it is Firewall only, can you double check?
Thanks Ameya On Wed, Feb 27, 2019 at 2:49 PM Eric Tan <[email protected]> wrote: > Hi Ameya, > > Below is the debug information. By the way, the localhost is RHEL7 OS and > the ec2 we are trying to winrm is Windows Server 2012. > --------------------------------------------- > > TASK [ec2] > ********************************************************************* > task path: /home/ec2-user/ansible-netenv/hitwin.yml:12 > Using module file > /usr/local/lib/python2.7/site-packages/ansible/modules/cloud/a > mazon/ec2.py > <localhost> ESTABLISH WINRM CONNECTION FOR USER: Administrator on PORT > 5986 TO l ocalhost > Using module file > /usr/local/lib/python2.7/site-packages/ansible/modules/cloud/a > mazon/ec2.py > <localhost> ESTABLISH WINRM CONNECTION FOR USER: Administrator on PORT > 5986 TO l ocalhost > fatal: [xxx.xxx.xxx.xxx]: UNREACHABLE! => { > "changed": false, > "msg": "ssl: HTTPSConnectionPool(host='localhost', port=5986): Max > retries e xceeded with url: /wsman (Caused by > NewConnectionError('<urllib3.connection.Veri > fiedHTTPSConnection object at 0x7f78dc5213d0>: Failed to establish a new > connect ion: [Errno 111] Connection refused',))", > "unreachable": true > } > > to retry, use: --limit @/home/ec2-user/ansible-netenv/hitwin.retry > > > --------------------------------------------- > > On Wednesday, February 27, 2019 at 11:43:45 AM UTC+8, ameya agashe wrote: >> >> Hi Tan, >> >> Not aware of the issue you referring about, under normal >> circumstances the command I gave should work. Have you tried running >> playbook in debug mode to see what is happening under the cover? place >> "-vvv" at the last of command line. >> >> Regards >> Ameya Agashe >> >> On Wed, Feb 27, 2019 at 2:38 PM Eric Tan <[email protected]> wrote: >> >>> Hi Ameya, >>> >>> thanks for your response! >>> I forgot to add that the firewall is already opened in my issue but it >>> still doesnt work. >>> I read somewhere that it has to do with the cipher suite that RHEL7 and >>> Windows default uses. >>> >>> Do you have any idea about this? >>> >>> On Wed, Feb 27, 2019 at 10:51 AM ameya agashe <[email protected]> >>> wrote: >>> >>>> Run below in PowerShell and it should keep you going: >>>> >>>> netsh advfirewall firewall add rule name="Allow WinRM (Https)" dir=in >>>> localport=5986 protocol=tcp action=allow enable=yes >>>> >>>> Thanks and Regards, >>>> Ameya Agashe >>>> >>>> On Wed, Feb 27, 2019 at 1:38 PM Eric Tan <[email protected]> wrote: >>>> >>>>> ##### SUMMARY >>>>> 1. Using Python 2.7 in RHEL7 >>>>> 2. Executed powershell script in windows machine >>>>> ConfigureRemotingForAnsible.ps1 >>>>> 3. Configured yml file to the below: >>>>> >>>>> * name: hit windows test instance >>>>> hosts: "tag_class_windows_{{ env }}_{{ ec2_class }}" >>>>> vars: >>>>> ansible_user: Administrator >>>>> ansible_password: {{ password }} >>>>> ansible_port: 5986 >>>>> ansible_connection: winrm >>>>> ansible_winrm_server_cert_validation: ignore >>>>> ansible_winrm_operation_timeout_sec: 60 >>>>> ansible_winrm_read_timeout_sec: 70 >>>>> tasks: >>>>> >>>>> * ec2: >>>>> state: 'absent' >>>>> instance_ids: {{ instance_id }}' >>>>> ec2_region: '{{ ec2_region }}' >>>>> delegate_to: localhost >>>>> >>>>> Error encountered: >>>>> fatal: [xxx.xxx.xxx.xxx]: UNREACHABLE! => {"changed": false, "msg": >>>>> "ssl: HTTPSConnectionPool(host='localhost', port=5986): Max retries >>>>> exceeded with url: /wsman (Caused by >>>>> NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at >>>>> 0x7fefb0fdf3d0>: Failed to establish a new connection: [Errno 111] >>>>> Connection refused',))", "unreachable": true} >>>>> >>>>> ##### ISSUE TYPE >>>>> * Bug Report >>>>> >>>>> ##### COMPONENT NAME >>>>> winrm >>>>> >>>>> ##### ANSIBLE VERSION >>>>> ansible 2.4.3.0 >>>>> >>>>> ##### CONFIGURATION >>>>> HOST_KEY_CHECKING(/etc/ansible/ansible.cfg) = False >>>>> >>>>> ##### OS / ENVIRONMENT >>>>> Host: RHEL 7 >>>>> WinRM to Windows 2012 >>>>> >>>>> ##### STEPS TO REPRODUCE >>>>> ansible-playbook -i /etc/ansible/ec2.py hitwin.yml --extra-vars >>>>> "ec2_class=appservers env=test" >>>>> >>>>> * name: hit windows test instance >>>>> hosts: "tag_class_windows_{{ env }}_{{ ec2_class }}" >>>>> vars: >>>>> ansible_user: Administrator >>>>> ansible_password: {{ password }} >>>>> ansible_port: 5986 >>>>> ansible_connection: winrm >>>>> ansible_winrm_server_cert_validation: ignore >>>>> ansible_winrm_operation_timeout_sec: 60 >>>>> ansible_winrm_read_timeout_sec: 70 >>>>> tasks: >>>>> >>>>> * ec2: >>>>> state: 'absent' >>>>> instance_ids: {{ instance_id }}' >>>>> ec2_region: '{{ ec2_region }}' >>>>> delegate_to: localhost >>>>> >>>>> ##### EXPECTED RESULTS >>>>> Expected success to win rm and shutdown server >>>>> >>>>> ##### ACTUAL RESULTS >>>>> PLAY [hit windows test instance] >>>>> *********************************************** >>>>> >>>>> TASK [Gathering Facts] >>>>> ********************************************************* >>>>> ok: [xxx.xxx.xxx.xxx] >>>>> >>>>> TASK [ec2] >>>>> ********************************************************************* >>>>> fatal: [xxx.xxx.xxx.xxx]: UNREACHABLE! => {"changed": false, "msg": >>>>> "ssl: HTTPSConnectionPool(host='localhost', port=5986): Max retries >>>>> exceeded with url: /wsman (Caused by >>>>> NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at >>>>> 0x7fefb0fdf3d0>: Failed to establish a new connection: [Errno 111] >>>>> Connection refused',))", "unreachable": true} >>>>> >>>>> ``` >>>>> to retry, use: --limit @/home/ec2-user/ansible-netenv/hitwin.retry >>>>> ``` >>>>> PLAY RECAP >>>>> ********************************************************************* >>>>> xxx.xxx.xxx.xxx : ok=1 changed=0 unreachable=1 failed=0 >>>>> >>>>> -- >>>>> You received this message because you are subscribed to the Google >>>>> Groups "Ansible Project" group. >>>>> To unsubscribe from this group and stop receiving emails from it, send >>>>> an email to [email protected]. >>>>> To post to this group, send email to [email protected]. >>>>> To view this discussion on the web visit >>>>> https://groups.google.com/d/msgid/ansible-project/d90a7256-11a0-446f-943f-294356831c05%40googlegroups.com >>>>> <https://groups.google.com/d/msgid/ansible-project/d90a7256-11a0-446f-943f-294356831c05%40googlegroups.com?utm_medium=email&utm_source=footer> >>>>> . >>>>> For more options, visit https://groups.google.com/d/optout. >>>>> >>>> -- >>>> You received this message because you are subscribed to the Google >>>> Groups "Ansible Project" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to [email protected]. >>>> To post to this group, send email to [email protected]. >>>> To view this discussion on the web visit >>>> https://groups.google.com/d/msgid/ansible-project/CAG9tf-9YD0wdZq2Y%3DbEuBBZSM%2BiYHemSmJ11M_Ux6vMBJ53O6Q%40mail.gmail.com >>>> <https://groups.google.com/d/msgid/ansible-project/CAG9tf-9YD0wdZq2Y%3DbEuBBZSM%2BiYHemSmJ11M_Ux6vMBJ53O6Q%40mail.gmail.com?utm_medium=email&utm_source=footer> >>>> . >>>> For more options, visit https://groups.google.com/d/optout. >>>> >>> >>> >>> -- >>> >>> Regards, >>> >>> *Mr Tan Choa Hong, Eric (Mba)* >>> PMP®,CBAP®,CSM® >>> >>> >>> >>> >>> >>> LinkedIn : https://www.linkedin.com/in/er1csg >>> >>> Email : [email protected] >>> >>> AboutMe : https://about.me/er1c_sg >>> >>> >>> *The information contained in this email (including all attachments) is >>> confidential and may also be privileged. It is intended for the use only of >>> the addressee(s) named. If you are not the intended recipient, kindly note >>> that any dissemination, distribution, publication or copying of this email >>> is strictly prohibited. If you have received this email in error, please >>> accept our apologies and notify us immediately. Thereafter, kindly delete >>> all copies from your system. Although reasonable precautions have been >>> taken to ensure the integrity of this email and that it is virus free.* >>> >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "Ansible Project" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> To post to this group, send email to [email protected]. >>> To view this discussion on the web visit >>> https://groups.google.com/d/msgid/ansible-project/CADeC%2B8bhNZh844Hmmm41-KAgU%2B_WpMiRDBG8jnxHMidYOvn3Rg%40mail.gmail.com >>> <https://groups.google.com/d/msgid/ansible-project/CADeC%2B8bhNZh844Hmmm41-KAgU%2B_WpMiRDBG8jnxHMidYOvn3Rg%40mail.gmail.com?utm_medium=email&utm_source=footer> >>> . >>> For more options, visit https://groups.google.com/d/optout. >>> >> -- > You received this message because you are subscribed to the Google Groups > "Ansible Project" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/ansible-project/fd7d8e96-1f66-4efd-a1f1-9e5a90ce8646%40googlegroups.com > <https://groups.google.com/d/msgid/ansible-project/fd7d8e96-1f66-4efd-a1f1-9e5a90ce8646%40googlegroups.com?utm_medium=email&utm_source=footer> > . > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAG9tf--gSw0tpVOwcu77%2Bdjgdk5W4m%2BVkDtueZ-P8n9Pd31wqg%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
