Hey there,

Thank you Pixel Fairy for reporting this improvement request. Thank you Alvaro and Mário for your useful inputs.

Ansible support for Windows has without any doubt strongly evolved since late 2015, which is the time when the WinRM support was added to the Ansible provisioner in Vagrant 1.8 <https://github.com/hashicorp/vagrant/pull/6576>. Therefore, I'm certain that we should give it some valuable updates, but the Vagrant+Ansible community was not very active in this field so far... and I personally don't manage (yet) Windows hosts (neither for fun nor profit ;-)

> How should I test it to help the core developers?

By "help to test that works", I think Alvaro meant that it would be of great help if you could provide us a minimalistic setup/project that demonstrates the issue, and its resolution. Ideally a public git repo with all the information to reproduce/illustrate the use case (Vagrantfile, Ansible playbook, etc.). That can save a lot of time, and avoid misunderstanding.

> 1. "ansible_winrm_server_cert_validation: ignore" in the generated inventory

So at first glance, I think that Proposal 1 is probably a good approach (i.e. KISS), but I'd like to better figure out the Ansible usage landscape, combined with what Vagrant already supports regarding WinRM communication <https://www.vagrantup.com/docs/vagrantfile/winrm_settings.html#available-settings>, especially the config.winrm.transport option.

> is option 2 possible?

I guess ;-) It would be great if you could investigate the capabilities offered by config.winrm.* options (e.g. to configure the ssl certs). The idea is then to improve the Ansible provisioner so it also honours the same settings.

> is it even worth the effort if windows is going to switch to ssh anyway?

Good point (and more amazing stuff ahead <https://www.vagrantup.com/docs/vagrantfile/winssh_settings.html> ;-). After a very quick look at the Win32-OpenSSH milestones <https://github.com/PowerShell/Win32-OpenSSH/milestones>, I think it is still worth making some Quick Wins on top of WinRM.
But it will be reasonable to set some constraints, based on the WinSSH perspectives.

For the next step, I invite you to create a GitHub issue <https://github.com/hashicorp/vagrant/issues/new>, describing the *expected behaviour* (e.g. new parameters in the generated ansible inventory <https://www.vagrantup.com/docs/provisioning/ansible_intro.html#auto-generated-inventory>, taking into account the concerns mentioned above). It would be very much appreciated if you or someone else also wants to implement this. Otherwise, I'll be happy to help, once the "specs" are clarified.

I wish we'll go forward with this!

Best regards,
Gilles

On Monday, May 14, 2018 at 05:45:53 UTC+2, pixel fairy wrote:
> How should I test it to help the core developers? I use ignore
> cert_validation in all my windows ansible vagrant sessions.
>
> On Tuesday, May 8, 2018 at 9:08:55 AM UTC-7, Alvaro Miranda Aguilera wrote:
>> correct, but if you can help to test that works, then a PR should be
>> easier.
>>
>> I am not sure vagrant core developers use ansible to be able to test and
>> code that
>>
>> Alvaro
>>
>> On Tue, May 8, 2018 at 1:54 AM, pixel fairy <[email protected]> wrote:
>>> On Monday, May 7, 2018 at 12:39:42 AM UTC-7, Alvaro Miranda Aguilera
>>> wrote:
>>>> not a chance you can test to deploy the certs that ansible can use with
>>>> a file provisioner or something?
>>>>
>>>> https://docs.ansible.com/ansible/2.5/user_guide/windows_winrm.html#certificate
>>>
>>> the point was to have the ansible provisioner handle these details in
>>> the background by default.
>>>
>>> it's not that big a deal to throw an extra line in your playbook. just
>>> think vagrant should handle these things for the user.
>>>>
>>>> Alvaro
>>>>
>>>> On Sun, May 6, 2018 at 3:24 AM, pixel fairy <[email protected]> wrote:
>>>>> disclaimer, all I know about winrm is that it's kinda like windows
>>>>> equivalent to ssh if you squint at it just right from a far enough away.
>>>>>
>>>>> windows doesn't work out of the box as expected with the ansible
>>>>> provisioner. there's two ways I think this can be fixed.
>>>>>
>>>>> 1. "ansible_winrm_server_cert_validation: ignore" in the generated
>>>>> inventory
>>>>> 2. don't ignore it, but use a self signed cert that vagrant already
>>>>> knows about, and have it generate a new cert the way it does with ssh.
>>>>>
>>>>> is option 2 possible? is it even worth the effort if windows is going
>>>>> to switch to ssh anyway?
>>>>>
>>>>> --
>>>>> This mailing list is governed under the HashiCorp Community Guidelines
>>>>> - https://www.hashicorp.com/community-guidelines.html. Behavior in
>>>>> violation of those guidelines may result in your removal from this
>>>>> mailing list.
>>>>>
>>>>> GitHub Issues: https://github.com/mitchellh/vagrant/issues
>>>>> IRC: #vagrant on Freenode
>>>>> ---
>>>>> You received this message because you are subscribed to the Google
>>>>> Groups "Vagrant" group.
>>>>> To unsubscribe from this group and stop receiving emails from it, send
>>>>> an email to [email protected].
>>>>> To view this discussion on the web visit
>>>>> https://groups.google.com/d/msgid/vagrant-up/be9be99c-3fff-45c2-a1c4-ce6afa3e4fb6%40googlegroups.com.
>>>>> For more options, visit https://groups.google.com/d/optout.
>>>>
>>>> --
>>>> Alvaro
>>
>> --
>> Alvaro
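
The two proposals in this thread come down to whether a WinRM host ends up with `ansible_winrm_server_cert_validation=ignore` or with a certificate it is actually checked against. The following is an added example, not code from the thread or from Vagrant: it reads an INI inventory and reports which case applies to each WinRM host. The sample inventory is constructed, and expressing Proposal 2 through `ansible_winrm_ca_trust_path` is an assumption.

```python
import shlex
# Constructed sample inventory; host names, ports and CA path are invented.
SAMPLE_INVENTORY = """\
win-ignore ansible_connection=winrm ansible_port=55986 ansible_user='vagrant' ansible_winrm_server_cert_validation=ignore
win-pinned ansible_connection=winrm ansible_port=55987 ansible_winrm_ca_trust_path=/tmp/example-ca.pem
win-group ansible_connection=winrm ansible_port=55988
linux1 ansible_port=2222 ansible_user='vagrant'
[lab]
win-group
[lab:vars]
ansible_winrm_server_cert_validation=ignore
"""

def effective_vars(text):
    """Return {host: vars} from the inventory file only (no playbook vars)."""
    hosts, members, group_vars = {}, {}, {}
    group, kind = None, "hosts"
    for line in map(str.strip, text.splitlines()):
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            group, _, kind = line[1:-1].partition(":")
            kind = kind or "hosts"   # [g] lists hosts; [g:children] is skipped
        elif kind == "vars":
            key, _, value = line.partition("=")
            group_vars.setdefault(group, {})[key.strip()] = value.strip()
        elif kind == "hosts":
            name, *pairs = shlex.split(line)
            hosts.setdefault(name, {}).update(p.split("=", 1) for p in pairs if "=" in p)
            if group:
                members.setdefault(group, []).append(name)
    def inherited(name):  # vars from every group that lists this host
        return {k: v for g, ns in members.items() if name in ns
                for k, v in group_vars.get(g, {}).items()}
    return {n: {**inherited(n), **own} for n, own in hosts.items()}  # host vars win

def audit_winrm(text):
    """Classify how each WinRM host checks the server certificate."""
    report = {}
    for name, hv in effective_vars(text).items():
        if hv.get("ansible_connection") != "winrm":
            continue
        if hv.get("ansible_winrm_server_cert_validation") == "ignore":
            report[name] = "cert validation disabled"
        elif "ansible_winrm_ca_trust_path" in hv:
            report[name] = "validated against " + hv["ansible_winrm_ca_trust_path"]
        else:
            report[name] = "validated against default CA bundle"
    return report
```

A setting placed in the playbook rather than the inventory, as described earlier in the thread, is not visible to this check.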
