I'm currently trying to create update jobs for Windows Servers, which mostly works. But on all my DCs (except one; I don't know why this one is working) gathering facts failed with this error message:
fatal: [hostname]: FAILED! => {"ansible_facts": {}, "changed": false, "failed_modules": {"setup": {"exception": "Access denied \r\nAt line:63 char:44\r\n+ ... e_name] = $(Get-CimInstance -Namespace $namespace -ClassName $instanc ...\r\n+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\r\n + CategoryInfo : PermissionDenied: (Root\\CIMV2:Win3...erConfiguration:String) [Get-CimInstance], CimException\r\n + FullyQualifiedErrorId : HRESULT 0x80041003,Microsoft.Management.Infrastructure.CimCmdlets.GetCimInstanceCommand\r\n\r\nScriptStackTrace:\r\nat Get-LazyCimInstance, <No file>: line 63\r\nat <ScriptBlock>, <No file>: line 142\r\n\r\nMicrosoft.Management.Infrastructure.CimException: Access denied \r\n at Microsoft.Management.Infrastructure.Internal.Operations.CimAsyncObserverProxyBase`1.ProcessNativeCallback(OperationCallbackProcessingContext callbackProcessingContext, T currentItem, Boolean moreResults, MiResult operationResult, String errorMessage, InstanceHandle errorDetailsHandle)", "failed": true, "msg": "Unhandled exception while executing module: Access denied "}}, "msg": "The following modules failed to execute: setup\n"}
Executing commands on those DCs works; only gathering facts failed. On non-DCs, gathering facts works.
Does anyone have an idea what could be the problem?
Fixed it by updating Ansible to some version > 2.9.
With Ansible 2.10 or Ansible 4 it is working.
I have a Terraform+Ansible combination that sets up an OVH cloud instance, and then runs an Ansible playbook on it using provisioners. When I run this locally, I can supply the public and private keys directly via the command line (not using file paths), and the terraform apply works perfectly.
On Terraform Cloud, I create the keys as variables. When I run the Terraform plan, the remote-exec provisioner works, and connects to the instance as it should. However, the local-exec fails with a Permission denied (publickey). What am I missing?
My provisioner blocks:
# Dummy resource to hold the provisioner that runs ansible
resource "null_resource" "run_ansible" {
  provisioner "remote-exec" {
    inline = ["sudo apt update", "sudo apt install python3 -y", "echo Done!"]
    connection {
      host        = openstack_compute_instance_v2.test_instance.network[0].fixed_ip_v4
      type        = "ssh"
      user        = "ubuntu"
      private_key = var.pvt_key
    }
  }
  provisioner "local-exec" {
    command = "python3 -m pip install --no-input ansible; ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -u ubuntu -i '${openstack_compute_instance_v2.test_instance.network[0].fixed_ip_v4},' '--private-key=${var.pvt_key}' -e 'pub_key=${var.pub_key}' ansible/setup.yml"
  }
}
Terraform cloud run error:
TASK [Gathering Facts] *********************************************************
fatal: [xx.xxx.xxx.xx]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: Warning: Permanently added 'xx.xxx.xxx.xx' (ECDSA) to the list of known hosts.\r\nno such identity: /home/tfc-agent/.tfc-agent/component/terraform/runs/run-AhaANkduM9YXJVoC/config/<<EOT\n-----BEGIN OPENSSH PRIVATE KEY-----<private-key>-----END OPENSSH PRIVATE KEY-----\nEOT: No such file or directory\r\nubuntu@xx.xxx.xxx.xx: Permission denied (publickey).", "unreachable": true}
I solved the problem by creating (sensitive) key files on the Terraform Cloud host, and passing the paths to them to Ansible instead.
The variables are still supplied via TFCloud, but without the heredoc syntax.
I had to add an extra new line \n at the end of the key to get around it being stripped. See the following issue: https://github.com/ansible/awx/issues/9082.
resource "local_sensitive_file" "key_file" {
  content              = "${var.pvt_key}\n"
  filename             = "${path.root}/.ssh/key"
  file_permission      = "600"
  directory_permission = "700"
}
resource "local_sensitive_file" "pubkey_file" {
  content              = "${var.pub_key}\n"
  filename             = "${path.root}/.ssh/key.pub"
  file_permission      = "644"
  directory_permission = "700"
}
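The answer above shows only the key-file resources. As an added example (not the answerer's code), this is one way the `local-exec` provisioner from the question could consume them, so that only file paths reach the command line and the private key no longer appears in the command or in error output like the run log above. The `pub_key_file` extra var is hypothetical, since the page does not show how the playbook reads the public key.

```hcl
# Added example: reuses the resource names from the question and the answer.
# Assumption: ansible/setup.yml accepts a hypothetical `pub_key_file` extra var
# holding a path; the page does not show the playbook itself.
resource "null_resource" "run_ansible" {
  # Both key files must be written on the runner before ansible-playbook starts.
  depends_on = [
    local_sensitive_file.key_file,
    local_sensitive_file.pubkey_file,
  ]

  provisioner "local-exec" {
    # Paths and the target address are handed over through the environment.
    # ssh opens the private key by path, so the key content is never part of
    # argv (visible in process listings) or of the rendered command.
    environment = {
      TARGET_IP    = openstack_compute_instance_v2.test_instance.network[0].fixed_ip_v4
      KEY_FILE     = local_sensitive_file.key_file.filename
      PUB_KEY_FILE = local_sensitive_file.pubkey_file.filename

      # Carried over unchanged from the question's command.
      ANSIBLE_HOST_KEY_CHECKING = "False"
    }

    # "$VAR" is expanded by the shell, not by Terraform: Terraform only
    # interpolates the "${...}" form inside strings.
    command = "python3 -m pip install --no-input ansible && ansible-playbook -u ubuntu -i \"$TARGET_IP,\" --private-key \"$KEY_FILE\" -e \"pub_key_file=$PUB_KEY_FILE\" ansible/setup.yml"
  }
}
```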
I have to set the ansible_python_interpreter variable for a Windows host, but when I set this as:
ansible_python_interpreter=C:\Program Files\Python310
It throws an error like:
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: re.error: bad escape \P at position 3
host_name | FAILED! => {
"msg": "Unexpected failure during module execution.",
"stdout": ""
How to solve this issue?
We have a playbook which creates the VM. The first time I ran the infrastructure pipeline, the VM was created.
After making some "sku"-related changes in the playbook and trying to run the pipeline again, I am getting the error below.
2020-11-09T09:42:37.7488228Z TASK [ansible-role-adfv2-shir : Install Java Runtime Environment] **************
2020-11-09T09:42:37.7489504Z task path: /opt/ansible-roles/cloud/2020.10-212/ansible-role-adfv2-shir/tasks/install.yml:24
2020-11-09T09:42:37.7491381Z Monday 09 November 2020 04:42:37 -0500 (0:00:31.732) 0:12:49.681 *******
2020-11-09T09:42:37.8258708Z Using module file /home/cvx_admin_user/.ansible-virtualenv/lib/python2.7/site-packages/ansible/modules/windows/win_package.ps1
2020-11-09T09:42:37.8261046Z <10.71.116.128> ESTABLISH WINRM CONNECTION FOR USER: cvx_admin_user on PORT 5986 TO 10.71.116.128
2020-11-09T09:42:37.8261724Z checking if winrm_host 10.71.116.128 is an IPv6 address
2020-11-09T09:42:37.8262337Z <10.71.116.128> WINRM CONNECT: transport=ssl endpoint=https://10.71.116.128:5986/wsman
2020-11-09T09:42:37.9552112Z <10.71.116.128> WINRM OPEN SHELL: 6450AAB3-A367-49DA-B034-B197FC2A464D
2020-11-09T09:42:37.9555186Z EXEC (via pipeline wrapper)
2020-11-09T09:42:37.9558598Z <10.71.116.128> WINRM EXEC 'PowerShell' ['-NoProfile', '-NonInteractive', '-ExecutionPolicy', 'Unrestricted', '-']
2020-11-09T09:43:15.3305027Z <10.71.116.128> WINRM RESULT u'<Response code 0, out "{"stdout":"","rc":16", err "">'
2020-11-09T09:43:15.3361619Z <10.71.116.128> WINRM CLOSE SHELL: 6450AAB3-A367-49DA-B034-B197FC2A464D
2020-11-09T09:43:15.3500563Z fatal: [corest-tsir00]: FAILED! => {
2020-11-09T09:43:15.3530075Z "changed": false,
2020-11-09T09:43:15.3560075Z "exit_code": 1618,
2020-11-09T09:43:15.3560924Z "msg": "unexpected rc from install C:\\ExeSources\\jre8u191windowsx64.exe: see rc, stdout and stderr for more details",
2020-11-09T09:43:15.3561602Z "rc": 1618,
2020-11-09T09:43:15.3562066Z "reboot_required": false,
2020-11-09T09:43:15.3562571Z "restart_required": false,
2020-11-09T09:43:15.3563039Z "stderr": "",
2020-11-09T09:43:15.3563488Z "stderr_lines": [],
2020-11-09T09:43:15.3563938Z "stdout": "",
2020-11-09T09:43:15.3564377Z "stdout_lines": []
2020-11-09T09:43:15.3564820Z }
I am not sure why I am getting this error. Please help me out with this error.
Thanks!
Your return code for jre8u191windowsx64.exe is 1618, which means ERROR_INSTALL_ALREADY_RUNNING. The MSI error code page tells us that:
Another installation is already in progress. Complete that installation before proceeding with this install.
My playbook is like:
- name: configuring pdf harmony
  expect:
    command: ./install.sh
    responses:
      'This will install pdfharmony on your system. Do you want to continue[y/N]?': y
      'Do you agree with this copyright? [y/N]': y
      'Now you must enter a valid registration number:': XXXX-XXXX-XXXX-XXXX-XXXX
    echo: yes
  args:
    chdir: '{{ dest_dir }}/pdfHarmony_20_L26_64'
  become: yes
Error:
fatal: [10.135.232.213]: FAILED! => {"changed": true, "cmd": "./install.sh",
"delta": "0:00:30.186764", "end": "2016-08-12 14:02:23.384237", "failed":
true, "invocation": {"module_args": {"chdir":
"/usr/local/pdfHarmony_20_L26_64", "command": "./
mounted or mapped drive. You may not copy the software to use for ",
"development, testing or staging purposes.", "", "1. Restrictions: You may
not resell, transfer, rent or lease the Software ", "without the specific
agreement of Appligent. You may not reverse engineer, ", "\u001b[7m--More--
\u001b[27m"]}
I could not understand the cause of this error
when installing manually,
Here, when you pass y to the first prompt, you get a copyright agreement which is more than a page long, and you will find --More-- at the end of the page; when you keep on pressing Enter, after the last line of the agreement the second prompt (question) appears, like
when you press y for 1st prompt you see this
then you press more
after pressing more at last you see this
then it asks for reg. keys
Update:
It is like it is not listening to my next response after more. I am not able to understand how this is happening.
It is not taking my response for
'Do you agree with this copyright? [y/N]': y
I have added more and now it looks like
- name: configuring pdf harmony
  expect:
    command: ./install.sh
    responses:
      'This will install pdfharmony on your system. Do you want to continue[y/N]?': y
      '--More--': \r
      '(?i)Do you agree with this copyright? [y/N]': y
      'Now you must enter a valid registration number': XXXX-XXXX-XXXX-XXXX-XXXX
    echo: yes
  args:
    chdir: '{{ dest_dir }}/pdfHarmony_20_L26_64'
  become: yes
But now it fails at the next response; it doesn't take the next response and I don't know why. It fails at:
"\u001b[7m--More--\u001b[27m\u0007\u0007", "Updates may be licensed to you
by Appligent with additional or different terms.", "", "Do you agree with
this copyright? [y/N] : "]}
There is a new error with the module and I can make nothing out of it. I changed the play to:
- name: configuring stamp pdf batch
  expect:
    command: /bin/bash -c "stty rows 2000,2000; ./install.sh"
    responses:
      'This will install stamppdf on your system. Do you want to continue[y/N]?': y
      # '--More--': \r
      '(?i)Do you agree with this copyright\? \[y/N\]': y
      'AP_FONT_DIR [/usr/local/fonts]': y
      'Now you must enter a valid registration number': '{{ stamp_pdf_key }}'
    echo: yes
  args:
    chdir: '{{ dest_dir }}/StampPDFBatch_60_L26_64'
  become: yes
The error is:
fatal: [10.135.232.213]: FAILED! => {"changed": false, "failed": true,
"invocation": {"module_name": "expect"}, "module_stderr": "",
"module_stdout": "Traceback (most recent call last):\r\n File
\"/tmp/ansible_V_modk/ansible_module_expect.py\", line 230, in <module>\r\n
main()\r\n File \"/tmp/ansible_V_modk/ansible_module_expect.py\", line 199,
in main\r\n events=events, cwd=chdir, echo=echo)\r\n File
\"/usr/lib/python2.6/site-packages/pexpect/__init__.py\", line 225, in
runu\r\n env=env, _spawn=spawnu, **kwargs)\r\n File
\"/usr/lib/python2.6/site-packages/pexpect/__init__.py\", line 246, in
_run\r\n index = child.expect(patterns)\r\n File
\"/usr/lib/python2.6/site-packages/pexpect/__init__.py\", line 1451, in
expect\r\n timeout, searchwindowsize)\r\n File
\"/usr/lib/python2.6/site-packages/pexpect/__init__.py\", line 1466, in
expect_list\r\n timeout, searchwindowsize)\r\n File
\"/usr/lib/python2.6/site-packages/pexpect/__init__.py\", line 1535, in
expect_loop\r\n c = self.read_nonblocking(self.maxread, timeout)\r\n
File \"/usr/lib/python2.6/site-packages/pexpect/__init__.py\", line 984, in
read_nonblocking\r\n s = self._coerce_read_string(s)\r\n File
\"/usr/lib/python2.6/site-packages/pexpect/__init__.py\", line 1797, in
_coerce_read_string\r\n return self._decoder.decode(s, final=False)\r\n
File \"/usr/lib64/python2.6/codecs.py\", line 296, in decode\r\n
(result, consumed) = self._buffer_decode(data, self.errors,
final)\r\nUnicodeDecodeError: 'utf8' codec can't decode byte 0xd2 in
position 1166: invalid continuation byte\r\n", "msg": "MODULE FAILURE",
"parsed": false}
You can try to alter TTY height and avoid 'More'-thing:
command: /bin/bash -c "stty rows 2000,2000; ./install.sh"
Here is what I have after setting kerberos according to ansible:
http://docs.ansible.com/ansible/intro_windows.html
[libdefaults]
default_realm = MY.DOMAIN.COM
…
[realms]
MY.DOMAIN.COM = {
default_domain = my.domain.com
kdc = <domain-controller-server>.my.domain.com
kpasswd_server = <domain-controller-server>.my.domain.com
}
…
[domain_realm]
.my.domain.com = MY.DOMAIN.COM
…
I was able to create a kerberos ticket, here is my output:
root@alex-VirtualBox:/etc/ansible# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: <user_name>@MY.DOMAIN.COM
Valid starting Expires Service principal
04/07/2016 13:58:52 04/07/2016 23:58:52 krbtgt/MY.DOMAIN.COM@MY.DOMAIN.COM
renew until 04/08/2016 13:58:48
04/07/2016 14:02:20 04/07/2016 23:58:52 HTTP/<windows-target-server>.my.domain.com@MY.DOMAIN.COM
renew until 04/08/2016 13:58:48
So what I am trying to do is run an Ansible playbook or even a simple command on . But I am getting this error, which I am pretty sure has nothing to do with Ansible:
root@alex-VirtualBox:/etc/ansible# ansible windows -m win_ping --ask-vault-pass
Vault password:
<windows-target-server>.my.domain.com | FAILED! => {
"failed": true,
"msg": "kerberos: (('Unspecified GSS failure. Minor code may provide more information', 851968), ('Server not found in Kerberos database', -1765328377)), plaintext: 401 Unauthorized."
}
I even went ahead and created the keytab file:
> ktutil
ktutil: addent -password -p <user_name>@MY.DOMAIN.COM -k 1 -e rc4-hmac
provide password
ktutil: wkt <user_name>.keytab
ktutil: quit
But then I get a different error:
root@alex-VirtualBox:/etc/ansible# ansible windows -m win_ping --ask-vault-pass
n2-2wbp-wbsvr01.na.msds.rhi.com | FAILED! => {
"failed": true,
"msg": "kerberos: (('An invalid name was supplied', 131072), ('Success', 100001)), plaintext: 401 Unauthorized."
}
Try to put the IP and Hostname of your Windows Host entry in /etc/hosts file and then try: https://github.com/diyan/pywinrm/issues/21#issuecomment-58958732 , https://github.com/diyan/pywinrm/issues/21#issuecomment-59084178
PS:
'Server not found in Kerberos database' - That usually means that the Linux host where you're running kinit is not joined to the domain (ie, it doesn't have a properly configured computer account in the domain). The existing docs unhelpfully omit that requirement...