Re: [ansible-project] Re: Help with psrp in ansible 2.7

[Gil Shinar]

Hi Jordan,

Got back to that now. Joined forces with other team members but it just 
doesn't work.
We always get the error message:
ConnectionError: SOCKSHTTPConnectionPool(host='*.*.*.*', port=5985): Max 
retries exceeded with url: /wsman (Caused by 
NewConnectionError('<urllib3.contrib.socks.SOCKSConnection object at 
0x7f7fbe844450>: Failed to establish a new connection: [Errno 111] 
Connection ref
used',))

We've tried lots of stuff. Both ports (5985 and 5986). We've set the 
following parameters in the playbook:
    ansible_user: Administrator
    ansible_password: ********
    ansible_psrp_proxy: socks5h://0.0.0.0:1234
    ansible_connection: psrp
    ansible_psrp_protocol: http
    ansible_port: 5985

We've also tried:
    ansible_psrp_max_envelope_size: 1536000

We've also tried socks5 instead of socks5h

As for ssh configurations, we've used the following:
Host 10.0.*.*
  ProxyCommand ssh -CfN -D 0.0.0.0:1234 -p 22 -W %h:%p ubuntu@bastion
  IdentityFile ~/.ssh/keyFile.pem
  StrictHostKeyChecking no
  UserKnownHostsFile /dev/null

Host bastion
  Hostname  <bastion IP>
  User ubuntu
  IdentityFile ~/.ssh/keyFile.pem
  ControlMaster auto
  ControlPath ~/.ssh/ansible-%r@%h:%p
  ControlPersist 5
  StrictHostKeyChecking no
  UserKnownHostsFile /dev/null

What else are we missing here? Everything works from inside a docker 
container. The bastion is an AWS instance and the remote machine is also an 
AWS instance.
We thought that it might be a firewall on the way so we've created a 
another AWS instance and run everything from there. Nothing!

Do you have any other suggestions?

Thanks
Gil

On Monday, 15 October 2018 01:17:15 UTC+3, Jordan Borean wrote:
>
> Hey Gil (and anyone else interested)
>
> I finally was able to document this a bit more thoroughly with a step by 
> step example at 
> http://www.bloggingforlogging.com/2018/10/14/windows-host-through-ssh-bastion-on-ansible/.
>  
> No idea if you are still working on this but potentially you need to define 
> the proxy with the schema "socks5h://", the extra h on the end means all 
> DNS resolution is done on the bastion host and not the Ansible client.
>
> Thanks
>
> Jordan
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/5ee3f9b5-0572-4c0a-a710-2c2fa0a3db62%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.