is it possible to give me an hint in regards to Ansible and Windows host? I have set up a Ansible server and a Windows host. I am not able to execute win_ping. It seems that I have something messed up with the configuration on the server.
ansible win -m win_ping
Error message:
192.168.178.10 | FAILED! => {
"msg": "the connection plugin 'winrm ## The kind of connection which ansible will make with remote windows node' was not found"
}
Firewall config seems to configured properly. I am able to connect from the Ansible server to the Windows host:
b#b:~$ nc -vz 192.168.178.10 5986
Connection to 192.168.178.10 5986 port [tcp/*] succeeded!
b#b:~$ nc -vz 192.168.178.10 5985
Connection to 192.168.178.10 5985 port [tcp/*] succeeded!
This is the configuration of /etc/ansible/hosts
...
[win]
192.168.178.10
[win:vars]
ansible_user=a
ansible_password="xxxx"
ansible_connection=winrm
ansible_winrm_server_cert_validation=ignore
ansible_port=5986
...
Ansible uses the pywinrm package to communicate with Windows servers over WinRM. It is not installed by default with the Ansible package, but can be installed by running the following:
pip install "pywinrm>=0.3.0"
If you have installed the packages required and still facing the issue then I would recommend you to go through Ansible guide again.
https://docs.ansible.com/ansible/latest/user_guide/windows_winrm.html
Related
I created an Azure Windows 2019 server and ran the ConfiguringRemotingForAnsible.ps1. When I try to ping the server getting the error
<13.82.47.35> ESTABLISH WINRM CONNECTION FOR USER: *** on PORT 5986 TO **.**.**.**
EXEC (via pipeline wrapper)
[WARNING]: ERROR DURING WINRM SEND INPUT - attempting to recover: WinRMError The pipe is being closed. (extended fault data: {'transport_message': 'Bad HTTP response
returned from server. Code 500', 'http_status_code': 500, 'wsmanfault_code': '232', 'fault_code': 's:Receiver', 'fault_subcode': 'w:InternalError'})
13.82.47.35 | FAILED! => {
"msg": "winrm send_input failed; \nstdout: \nstderr S\u0000t\u0000a\u0000r\u0000t\u0000i\u0000n\u0000g\u0000 \u0000t\u0000h\u0000e\u0000 \u0000C\u0000L\u0000R\u0000 \u0000f\u0000a\u0000i\u0000l\u0000e\u0000d\u0000 \u0000w\u0000i\u0000t\u0000h\u0000 \u0000H\u0000R\u0000E\u0000S\u0000U\u0000L\u0000T\u0000 \u00008\u00000\u00000\u00000\u00004\u00000\u00000\u00005\u0000.\u0000\r\u0000\n\u0000"
}
Command used - ansible -i hosts win -m win_ping
hosts
[win]
x.x.x.x
[win:vars]
ansible_password=*************
ansible_connection=winrm
ansible_winrm_transport=basic
ansible_shell_type=powershell
ansible_user=*****
ansible_port=5986
ansible_winrm_server_cert_validation=ignore
The error output states "Starting the CLR failed with HRESULT 80004005" - this error typically points to a .NET framework install which needs to be repaired or reinstalled. Try reinstalling .net: http://msdn.microsoft.com/en-us/netframework/aa569263.aspx
I was able to successfully test your inventory file setup above on a cleanly built Windows 2019 instance, so I believe your config is sound.
I'm using Ubuntu Linux
I have created an inventory file and I have put my own system IP address there.
I have written a playbook to install the nginx package.
I'm getting the following error:
false, msg" : Failed to connect to the host via ssh: connect to host myip : Connection refused, unreachable=true
How can I solve this?
You could use the hosts keyword with the value localhost
- name: Install nginx package
hosts: localhost
tasks:
- name: Install nginx package
apt:
name: nginx
state: latest
Putting your host IP directly in your inventory treats your local machine as any other remote target. Although this can work, ansible will use the ssh connection plugin by default to reach your IP. If an ssh server is not installed/configured/running on your host it will fail (as you have experienced), as well as if you did not configure the needed credentials (ssh keys, etc.).
You don't need to (and in most common situations you don't want to) declare localhost in your inventory to use it as it is implicit by default. The implicit localhost uses the local connection plugin which does not need ssh at all and will use the same user to run the tasks as the one running the playbook.
For more information on connection plugins, see the current list
See #gary lopez answer for an example playbook to use localhost as target.
I am trying to set up my ansible host to connect to windows. However ping is failing with the following error:
sudo ansible win -m win_ping
hostname | UNREACHABLE! => {
"changed": false,
"msg": "basic: HTTPConnectionPool(host='hostname', port=5986): Read timed out. (read timeout=30)",
"unreachable": true
}
pywinrm is installed on my linux box and WinRM is installed on the windows box.
Hosts file:
[win]
systemname
[win:vars]
ansible_user=username
ansible_password=passord
ansible_connection=winrm
ansible_winrm_scheme=http
ansible_winrm_server_cert_validation=ignore
ansible_winrm_transport=basic
Appreciate any advice.
Thanks.
Disabling the Windows Firewall (Domain, private and public networks) in the Windows box, fixed the issue for me.
Can you double check the WinRM Listener settings:
winrm enumerate winrm/config/Listener
If the output is what you expect, can you test a command on the local server as shown here:
winrs -r:http://server:5985/wsman -u:Username -p:Password ipconfig
Ansible has a good reference on this topic as well.
I am trying to connect to Windows Server 2012 from my ansible server (Centos7).
Let's assume its host is x and port is y
I managed to connect to other linux based servers but I cannot connect to the windows one.
I followed the tutorial here and after all setups and configurations I get the following error:
root#localhost: ansible# ansible windows -i hosts -m win_ping --ask-vault-pass
Vault password:
WindowsServer | UNREACHABLE! => {
"changed": false,
"msg": "ssl: HTTPSConnectionPool(host='x', port=y): Max retries exceeded with url: /wsman (Caused by ProxyError('Cannot connect to proxy.', error('Tunnel connection failed: 403 Forbidden',)))",
This is my group_vars/windows.yml file:
# it is suggested that these be encrypted with ansible-vault:
# ansible-vault edit group_vars/windows.yml
ansible_user: Administrator
ansible_password: password
ansible_port: y
ansible_connection: winrm
This is my hosts file snippet:
[windows]
WindowsServer ansible_host=x
I did configure windows server with this file.
Please help, I have no idea what to do to make the connection work.
As J and Mike from ansible google group suggested:
The reason of the error were environment variables HTTP_PROXY and HTTPS_PROXY that ansible used from the system.
To let ansible know that you are using proxy you have to:
1. Locate transport.py that comes with pywinrm
2. modify the following line session.trust_env to make it false.
125 # configure proxies from HTTP/HTTPS_PROXY envvars
126 # session.trust_env = True
127 session.trust_env = False
3. pywinrm will no longer check your local env for a proxy.
After that I also neeeded to add one more variable to group_vars/windows.yml file:
ansible_winrm_server_cert_validation: ignore
When I tried to ping my Windows instance using ansible windows -i hosts.ini -m win_ping, I got the following error:
54.197.197.91 | UNREACHABLE! => {
"changed": false,
"msg": "plaintext: the specified credentials were rejected by the server",
"unreachable": true
}
My hosts.ini file looks like:
[windows]
54.197.197.91
[windows:vars]
ansible_ssh_user=Administrator
ansible_ssh_pass=MyPassword123!
ansible_ssh_port=5985
ansible_connection=winrm
To solve that, I have done this :
ansible-vault create secret.yml
and entered my password there like this:
win_initial_password: MyPassword123!
Then, my hosts.ini file looked like:
[windows]
54.197.197.91
[windows:vars]
ansible_ssh_user=Administrator
ansible_ssh_pass={{ win_initial_password }}
ansible_ssh_port=5985
ansible_connection=winrm
When I tried pinging, I got the below error :
54.197.197.91 | FAILED! => {
"failed": true,
"msg": "the field 'password' has an invalid value, which appears to include a variable that is undefined. The error was: 'win_initial_password' is undefined"
}
Where am I going wrong?
I solved it by changing these :
ansible_ssh_port=5986
ansible_winrm_server_cert_validation=ignore
This worked.
As I was following an Ansible example similar to the original post, the accepted answer didn't work for me, the following got it working
Note: This is sending password in plain text so don't use in production
On the target machine, run a powershell with admin rights and enter these commands:
Set-Item -Path WSMan:\localhost\Service\Auth\Basic -Value $true
winrm set winrm/config/service '#{AllowUnencrypted="true"}'
Also verify your firewall is configured correctly to allow the necessary ports through (TCP/5985, TCP/5986)
Sources:
http://docs.ansible.com/ansible/latest/user_guide/windows_winrm.html#authentication-options
https://github.com/diyan/pywinrm/issues/114
Still was an issue for me. My solution was to reinstall python-pip packages related to winrm from scratch. I had to use official Ansible documentation. As per documentation:
apt-get install python-pip git libffi-dev libssl-dev -y
pip install ansible pywinrm
Port number for Windows is 5986 so you var configuration should be ansible_ssh_port: 5986
I came across this same issue even with "AllowUnencrypted" set to true. I observed that win_ping was working for IEUser that was added to Administrator group but failing with
windows-server | UNREACHABLE! => {
"changed": false,
"msg": "plaintext: the specified credentials were rejected by the server",
"unreachable": true
}
for test-user that was not in Administrator group.
So I added the test-user to Administrator group and the issue got resolved.
I've googled a lot and finally the below configuration worked for me. I've added ntlm to my config file.
ansible_user: user#DOMAIN.COM
ansible_password: password
ansible_connection: winrm
ansible_ssh_port: 5986
ansible_winrm_transport: ntlm
ansible_winrm_server_cert_validation: ignore
Windows:
I have installed UBUNTU18-LTE in windows and face a lot of issues. So sharing my experience with the same error. Hope this will help.
The user must be local. Guys remember the user(ansible) must be a local(host - 192.168.11.22) admin user else no use of the below process.
Hosts file example.
cat /etc/ansible/hosts
[win]
192.168.11.22
[win:vars]
ansible_connection=winrm
ansible_user=ansible # Local admin user of host machine 192.168.11.22
ansible_password=ansible123
ansible_winrm_server_cert_validation=ignore
ansible_winrm_trasport=basic
ansible_port=5985 #HTTP
Run the below command on host PowerShell windows.
winrm configsddl default #Give permission to ansible user
Post step 2 configuration execute below 2 commands on host PowerShell.
winrm set winrm/config/service/auth '#{Basic="true"}'
winrm set winrm/config/service '#{AllowUnencrypted="true"}'
The Other use-full PowerShell commands to test the winrm connection.
winrm enumerate winrm/config/Listener.
winrm get winrm/config
WinRM quickconfig #Check winrm service is running
winrs -r:http://hostservername:5985/wsman -u:RDPusername -p:RDPpassword ipconfig/all