Hi, nobody has knowledge on this topic? It's quite critical to me for having a deployment workflow completed entirely with ansible.
Luca On Wed, May 13, 2020 at 2:42 PM Luca Lorenzetto <[email protected]> wrote: > > Hello, > > i'm hitting an issue with windows authentication and credential delegation. > That's the piece of playbook that has problem with privileges: > > - name: define migrator command > set_fact: > migratore_command: "{{ backup_path }}\\Migrator\\DB.Migrator.exe -s > -connstring \"Server=application-listener.dev\\applications,64000; > Database=USERAPPDB; User Id=USERAPP; Integrated Security=True;\"" > > - name: Execute migrator > win_shell: "{{ migrator_command }}" > args: > chdir: "{{ backup_path }}\\Migrator" > register: migrator > failed_when: migrator.rc != 6 > run_once: true > > I'm connecting to the windows machine where DB.Migrator.exe is via winrm > authenticated through kerberos. Authentication works fine, because tasks > before this are working perfectly (copy, remove file, other win_shell, > unarchive, etc). > > this DB.Migrator is a tool that uses my own credentials to connect to a > remote MSSQL application listener via integrated security and then updates > some data on that DB. > > I'm hitting this error (returned by stdout of execution): > > System.Data.SqlClient.SqlException (0x80131904): Login failed for user 'NT > AUTHORITY\\ANONYMOUS LOGON' > > On my inventory file i've set this parameters: > > ansible_port=5986 > ansible_connection=winrm > ansible_winrm_server_cert_validation=ignore > ansible_winrm_transport=kerberos > ansible_winrm_kerberos_delegation=true > > > What i'm expecting is that with kerberos_delegation, the application will > connect using the ansible_user, not anonymous logon. > > What is wrong? > > Is possible to use become: to use a given user to run this task, using the > right permissions? > > Thanks, > > Luca > > -- > You received this message because you are subscribed to the Google Groups > "Ansible Project" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/ansible-project/35124e9b-76fe-4e89-829b-e6bfe5de6916%40googlegroups.com. -- "E' assurdo impiegare gli uomini di intelligenza eccellente per fare calcoli che potrebbero essere affidati a chiunque se si usassero delle macchine" Gottfried Wilhelm von Leibnitz, Filosofo e Matematico (1646-1716) "Internet è la più grande biblioteca del mondo. Ma il problema è che i libri sono tutti sparsi sul pavimento" John Allen Paulos, Matematico (1945-vivente) Luca 'remix_tj' Lorenzetto, http://www.remixtj.net , <[email protected]> -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAKuX69oEd%3DECX5amHHgxc%3Dd371KYy6hq8NW44vr%3Dp%3DsChhkuuQ%40mail.gmail.com.
