ansible telnet without username and password - ansible

I have to make an Ansible playbook that connects to a brand new Cisco router via a telnet connection to a terminal concentrator on a specific telnet port.
This is my playbook so far:
---
- name: Telnet test
  hosts: localhost
  connection: local
  tasks:
    - name: telnet test
      telnet:
        host: 10.145.0.200
        port: 4009
        send_newline: yes
        prompts:
          - '[>|#]'
        command:
          - enable
          - term len 0
          - show ver
My issue is that when the connection is made, the playbook just stays in the task without sending any command to the Cisco router. How can I connect to a device without username and password?
I had to cancel the playbook since it will just stay in the task forever:
ansible-playbook 2.9.13
config file = /home/niclas/ansible/gc/ansible.cfg
configured module search path = ['/home/niclas/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /home/niclas/.local/lib/python3.8/site-packages/ansible
executable location = /usr/bin/ansible-playbook
python version = 3.8.2 (default, Jul 16 2020, 14:00:26) [GCC 9.3.0]
Using /home/niclas/ansible/gc/ansible.cfg as config file
host_list declined parsing /home/niclas/ansible/gc/inventory.yml as it did not pass its verify_file() method
Parsed /home/niclas/ansible/gc/inventory.yml inventory source with ini plugin
PLAYBOOK: testTelnet.yml ***********************************************************************************************
1 plays in testTelnet.yml
PLAY [Telnet test] *****************************************************************************************************
META: ran handlers
TASK [telnet test] *****************************************************************************************************
task path: /home/niclas/ansible/gc/testTelnet.yml:6
^C [ERROR]: User interrupted execution
Edit error:
❯ ansible-playbook testTelnet.yml -vvv
ansible-playbook 2.9.13
config file = /home/niclas/ansible/gc/ansible.cfg
configured module search path = ['/home/niclas/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /home/niclas/.local/lib/python3.8/site-packages/ansible
executable location = /usr/bin/ansible-playbook
python version = 3.8.2 (default, Jul 16 2020, 14:00:26) [GCC 9.3.0]
Using /home/niclas/ansible/gc/ansible.cfg as config file
host_list declined parsing /home/niclas/ansible/gc/inventory.yml as it did not pass its verify_file() method
Parsed /home/niclas/ansible/gc/inventory.yml inventory source with ini plugin
PLAYBOOK: testTelnet.yml ***********************************************************************************************
1 plays in testTelnet.yml
PLAY [Telnet test] *****************************************************************************************************
META: ran handlers
TASK [telnet test] *****************************************************************************************************
task path: /home/niclas/ansible/gc/testTelnet.yml:6
The full traceback is:
Traceback (most recent call last):
File "/home/niclas/.local/lib/python3.8/site-packages/ansible/executor/task_executor.py", line 147, in run
res = self._execute()
File "/home/niclas/.local/lib/python3.8/site-packages/ansible/executor/task_executor.py", line 665, in _execute
result = self._handler.run(task_vars=variables)
File "/home/niclas/.local/lib/python3.8/site-packages/ansible/plugins/action/telnet.py", line 59, in run
tn = telnetlib.Telnet(host, port, timeout)
File "/usr/lib/python3.8/telnetlib.py", line 218, in __init__
self.open(host, port, timeout)
File "/usr/lib/python3.8/telnetlib.py", line 235, in open
self.sock = socket.create_connection((host, port), timeout)
File "/usr/lib/python3.8/socket.py", line 808, in create_connection
raise err
File "/usr/lib/python3.8/socket.py", line 796, in create_connection
sock.connect(sa)
ConnectionRefusedError: [Errno 111] Connection refused
fatal: [localhost]: FAILED! => {
"msg": "Unexpected failure during module execution.",
"stdout": ""
}
PLAY RECAP *************************************************************************************************************
localhost : ok=0 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0

I think Ansible's command interpreter can't understand the prompt from the Cisco. I think you should use the cisco.ios plugin instead, which is described here: https://docs.ansible.com/ansible/latest/collections/cisco/ios/ios_command_module.html
UPDATE
Because the telnet task does not understand cisco.ios commands, you should use another approach for connecting. Hopefully your Cisco device supports SSH; then you can make the connection.
In this case, I think your playbook should look like this:
ansible_connection: ansible.netcommon.network_cli
ansible_network_os: cisco.ios.ios
ansible_user: cisco
ansible_password: ciscopass
ansible_become: yes
ansible_become_method: enable
ansible_become_password: if_you_have_enable_password_define_it_here
---
- hosts: ansible.ini_defined_group_name_for_cisco_device
  tasks:
    - name: log into cisco device and init this commands
      cisco.ios.ios_command:
        commands:
          - show version
          - term len 0

Related

Ansible host file how to provide # in ansible_ssh_pass

I am new to Ansible. I am facing a problem in the hosts file. The error output is below.
My question is: How do I escape the # in the ansible_ssh_pass?
I tried ansible_ssh_pass="airtel\#121" and, without double quotes, ansible_ssh_pass=airtel\#121. Both ways it throws the error.
Ansible version: ansible-playbook 2.9.6
The hosts file entry is as below:
[devices]
10.10.10.10 ansible_ssh_user="abcd" ansible_ssh_pass="airtel#121"
The playbook is as below:
- name: Cisco show version example
  hosts: devices
  gather_facts: false
  vars:
    ansible_connection: ansible.netcommon.network_cli
    ansible_network_os: cisco.ios.ios
    ansible_become: yes
    ansible_become_method: enable
  tasks:
    - name: run show version on the routers
      ios_command:
        commands:
          - show version
      register: output
    - name: print output
      debug:
        var: output.stdout_lines
I am getting the error below.
xxxx#xxxx:/etc/ansible/playbooks# ansible-playbook check_connectivity_temp.yml -vvvv
ansible-playbook 2.9.6
config file = /etc/ansible/ansible.cfg
configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python3/dist-packages/ansible
executable location = /usr/bin/ansible-playbook
python version = 3.8.10 (default, Mar 15 2022, 12:22:08) [GCC 9.4.0]
Using /etc/ansible/ansible.cfg as config file
setting up inventory plugins
host_list declined parsing /etc/ansible/hosts as it did not pass its verify_file() method
auto declined parsing /etc/ansible/hosts as it did not pass its verify_file() method
Parsed /etc/ansible/hosts inventory source with ini plugin
Loading callback plugin default of type stdout, v2.0 from /usr/lib/python3/dist-packages/ansible/plugins/callback/default.py
PLAYBOOK: check_connectivity_temp.yml ***************************************************************************************
Positional arguments: check_connectivity_temp.yml
verbosity: 4
connection: smart
timeout: 10
become_method: sudo
tags: ('all',)
inventory: ('/etc/ansible/hosts',)
forks: 5
1 plays in check_connectivity_temp.yml
PLAY [Cisco show version example] *******************************************************************************************
META: ran handlers
TASK [run show version on the routers] **************************************************************************************
task path: /etc/ansible/playbooks/check_connectivity_temp.yml:14
<10.10.10.10> attempting to start connection
<10.10.10.10> using connection plugin ansible.netcommon.network_cli
<10.10.10.10> local domain socket does not exist, starting it
<10.10.10.10> control socket path is /root/.ansible/pc/aaec916454
<10.10.10.10> local domain socket listeners started successfully
<10.10.10.10> loaded cliconf plugin ansible_collections.cisco.ios.plugins.cliconf.ios from path /root/.ansible/collections/ansible_collections/cisco/ios/plugins/cliconf/ios.py for network_os cisco.ios.ios
<10.10.10.10> ssh type is set to auto
<10.10.10.10> autodetecting ssh_type
[WARNING]: ansible-pylibssh not installed, falling back to paramiko
<10.10.10.10> ssh type is now set to paramiko
<10.10.10.10>
<10.10.10.10> local domain socket path is /root/.ansible/pc/aaec916454
fatal: [10.10.10.10]: FAILED! => {
"changed": false,
"msg": "Failed to authenticate: Authentication failed."
}
PLAY RECAP ******************************************************************************************************************
10.10.10.10 : ok=0 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
My question is : How do I escape the # in the ansible_ssh_pass.
Put the hash character '#' into an expression {{ '#' }}. For example,
- debug:
    var: ssh_pass
  vars:
    ssh_pass: "airtel{{ '#' }}121"
gives
ssh_pass: airtel#121

OSError: [Errno 1] Operation not permitted in ansible

From my CentOS (Ansible controller host) I am trying to run the playbook below.
Ansible version:-
$ ansible --version
ansible 2.9.21
config file = /etc/ansible/ansible.cfg
configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python3.6/site-packages/ansible
executable location = /usr/bin/ansible
python version = 3.6.8 (default, Aug 24 2020, 17:57:11) [GCC 8.3.1 20191121 (Red Hat 8.3.1-5)]
---
- hosts: pro-server
  become: yes
  remote_user: root
  tasks:
    - name: Set authorized key taken from file
      ansible.posix.authorized_key:
        user: root
        state: present
        key: "{{ lookup('file', '/root/.ssh/id_rsa.pub') }}"
It fails with the error below.
$ ansible-playbook -i hosts add-ssh-key.yml
PLAY [pro-server] ****************************************************************************************************************************************
TASK [Gathering Facts] ****************************************************************************************************************************************
ok: [50.51.52.24]
TASK [Set authorized key taken from file] ********************************************************************************************************************
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: OSError: [Errno 1] Operation not permitted
fatal: [50.51.52.24]: FAILED! => {"changed": false, "msg": "Unable to make /tmp/tmp73HusP into to /root/.ssh/authorized_keys, failed final rename from /root/.ssh/.ansible_tmpy4MPxlauthorized_keys: [Errno 1] Operation not permitted"}
PLAY RECAP ****************************************************************************************************************************************************
50.51.52.24 : ok=1 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
I added the following to /etc/ansible/ansible.cfg. However, the same problem still persists.
allow_world_readable_tmpfiles = True
Any pointer to solve this problem will be helpful. Thank you.
As discussed in the comments, the problem is an 'a' attribute set on the authorized_keys file.
From man chattr:
A file with the 'a' attribute set can only be open in append mode for writing. Only the superuser or a process possessing the CAP_LINUX_IMMUTABLE capability can set or clear this attribute.
This can be fixed using the file module:
- name: make sure the 'a' attribute is removed from the authorized_keys-file
  file:
    path: '/root/.ssh/authorized_keys'
    attributes: '-a'
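The task above leaves authorized_keys without its append-only flag. As an added example (not part of the original answer), the play below lifts the flag only while the key is written and restores it afterwards. It assumes the file already exists and reuses the host group, key path and file path from the question; the names ak_path, ak_lsattr and was_append_only are made up for the example.

```yaml
---
# Added example, not from the original post.
- hosts: pro-server
  become: yes
  remote_user: root
  vars:
    # Path taken from the error message in the question.
    ak_path: /root/.ssh/authorized_keys
  tasks:
    # lsattr prints "<flags> <path>"; the flags field contains 'a'
    # when the file is append-only. Assumes the file already exists.
    - name: Read the current attribute flags of authorized_keys
      command: "lsattr {{ ak_path }}"
      register: ak_lsattr
      changed_when: false

    - name: Update the key with the append-only flag lifted only for the write
      vars:
        was_append_only: "{{ 'a' in ak_lsattr.stdout.split()[0] }}"
      block:
        # authorized_key writes a temp file and renames it over the target;
        # that rename is what fails with EPERM while 'a' is set.
        - name: Clear the 'a' attribute so the final rename can succeed
          file:
            path: "{{ ak_path }}"
            attributes: '-a'
          when: was_append_only | bool

        - name: Set authorized key taken from file
          ansible.posix.authorized_key:
            user: root
            state: present
            key: "{{ lookup('file', '/root/.ssh/id_rsa.pub') }}"
      always:
        # Runs even if the key task fails, so the file is never left
        # writable by accident.
        - name: Put the append-only flag back if it was set before
          file:
            path: "{{ ak_path }}"
            attributes: '+a'
          when: was_append_only | bool
```

Because the flag is restored in the always section, a failed key update does not leave the file without the attribute it had before the run.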

Trouble connecting with NXOS modules in Ansible: list index out of range

I cannot get a simple playbook to work against a Cisco Nexus switch using Ansible 2.9.13. I get a vague index out of range error.
Here is my inventory file:
[nxos:vars]
ansible_user=admin
ansible_password=password
ansible_network_os=nxos
ansible_connection=network_cli
ansible_become=yes
ansible_become_method=enable
ansible_become_password=password
[nxos]
nxos-sw01 ansible_host=172.23.180.12
Here is my playbook:
---
- name: "nxos configure nxapi"
  hosts: all
  gather_facts: no
  tasks:
    - name: "enble api"
      nxos_nxapi:
        enable_https: yes
When I execute I get an error about "list index out of range" that does not yield any helpful output:
$ ansible-playbook -i test.inv test.yml -vvvv
ansible-playbook 2.9.0
config file = /home/some.guy/.ansible.cfg
configured module search path = [u'/home/some.guy/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /home/some.guy/.local/lib/python2.7/site-packages/ansible
executable location = /usr/bin/ansible-playbook
python version = 2.7.5 (default, Aug 7 2019, 00:51:29) [GCC 4.8.5 20150623 (Red Hat 4.8.5-39)]
Using /home/some.guy/.ansible.cfg as config file
setting up inventory plugins
host_list declined parsing /home/some.guy/tmp/ansible/test.inv as it did not pass its verify_file() method
script declined parsing /home/some.guy/tmp/ansible/test.inv as it did not pass its verify_file() method
auto declined parsing /home/some.guy/tmp/ansible/test.inv as it did not pass its verify_file() method
yaml declined parsing /home/some.guy/tmp/ansible/test.inv as it did not pass its verify_file() method
Parsed /home/some.guy/tmp/ansible/test.inv inventory source with ini plugin
Loading callback plugin default of type stdout, v2.0 from /home/some.guy/.local/lib/python2.7/site-packages/ansible/plugins/callback/default.pyc
PLAYBOOK: test.yml **************************************************************************************************************************************************
Positional arguments: test.yml
become_method: sudo
inventory: (u'/home/some.guy/tmp/ansible/test.inv',)
forks: 5
tags: (u'all',)
verbosity: 4
connection: smart
timeout: 10
1 plays in test.yml
PLAY [nxos configure banner] ****************************************************************************************************************************************
META: ran handlers
TASK [enble api] ****************************************************************************************************************************************************
task path: /home/some.guy/tmp/ansible/test.yml:6
<172.23.180.12> attempting to start connection
<172.23.180.12> using connection plugin network_cli
fatal: [nxos-sw01]: FAILED! => {
"msg": "Traceback (most recent call last):\n File \"/usr/bin/ansible-connection\", line 342, in <module>\n main()\n File \"/usr/bin/ansible-connection\", line 261, in main\n task_uuid = sys.argv[2]\nIndexError: list index out of range\n"
}
PLAY RECAP **********************************************************************************************************************************************************
nxos-sw01 : ok=0 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
I have tried different NXOS modules and using the NXAPI connectivity method. I can't seem to get anything to work. I can connect manually (SSH) to the switch from this server.
Can anyone help me to troubleshoot what I am doing wrong?
EDIT: Here is an attempt to run just ansible against the device. Is something wrong with how connection info is being parsed? By running the below I am bypassing my playbook entirely and still get the same error.
$ ansible -vvvv nxos-sw01 -m ping -i test.inv
ansible 2.9.0
config file = /etc/ansible/ansible.cfg
configured module search path = [u'/etc/ansible/modules', u'/usr/lib/python2.7/site-packages/napalm_ansible']
ansible python module location = /home/some.guy/.local/lib/python2.7/site-packages/ansible
executable location = /usr/bin/ansible
python version = 2.7.5 (default, Aug 7 2019, 00:51:29) [GCC 4.8.5 20150623 (Red Hat 4.8.5-39)]
Using /etc/ansible/ansible.cfg as config file
setting up inventory plugins
host_list declined parsing /home/some.guy/tmp/ansible/test.inv as it did not pass its verify_file() method
script declined parsing /home/some.guy/tmp/ansible/test.inv as it did not pass its verify_file() method
auto declined parsing /home/some.guy/tmp/ansible/test.inv as it did not pass its verify_file() method
yaml declined parsing /home/some.guy/tmp/ansible/test.inv as it did not pass its verify_file() method
Parsed /home/some.guy/tmp/ansible/test.inv inventory source with ini plugin
Loading callback plugin minimal of type stdout, v2.0 from /home/some.guy/.local/lib/python2.7/site-packages/ansible/plugins/callback/minimal.pyc
META: ran handlers
<172.23.180.12> attempting to start connection
<172.23.180.12> using connection plugin network_cli
nxos-sw01 | FAILED! => {
"msg": "Traceback (most recent call last):\n File \"/usr/bin/ansible-connection\", line 342, in <module>\n main()\n File \"/usr/bin/ansible-connection\", line 261, in main\n task_uuid = sys.argv[2]\nIndexError: list index out of range\n"
EDIT2: I ended up opening a bug ticket on GitHub about this issue:
https://github.com/ansible/ansible/issues/72214
After getting help on #ansible-network I was able to figure this out. Apparently I installed additional copies of python2/3 under my home directory and that was being preferred, as shown in the debug output in my OP:
ansible python module location = /home/some.guy/.local/lib/python2.7/site-packages/ansible
After removing that .local path from my home directory I now see ansible --version reporting 2.9.13 and the NXOS module works correctly.

Launching Ansible playbook to communicate with Windows host fails without sudo rights

I'm setting up an Ansible server running on CentOS 7 (with AWX as User Interface) and I want to communicate with a few windows hosts to perform basic package manipulation.
As a first approach, I'm using NTLM to communicate with my hosts (Basic Auth is disabled by the sysadmin).
However, I noticed that my playbooks fail to run when I launch ansible-playbook without sudo privileges.
I've already checked the TCP stream in both cases, and it seems that when it fails (i.e. without sudo rights) the server doesn't even start to communicate with the host. It is as if it failed without even trying (despite telling otherwise).
It's not a matter of firewall, since I am able to access the wsman endpoint with curl.
I've also checked the Windows account's rights (as was suggested for a similar problem), but everything that's needed was already there.
My playbook is this very simple taskless file:
- hosts: win
  vars:
    ansible_user: ansible_admin
    ansible_connection: winrm
    ansible_winrm_server_cert_validation: ignore
    ansible_port: 5985
    ansible_winrm_transport: ntlm
I've checked with and without tasks (like win_ping) and the ansible_winrm_server_cert_validation variable.
My /etc/ansible/hosts file is this one:
[win]
192.168.0.42
[localhost]
127.0.0.1
Here's what I get when I run the playbook without sudo rights:
$ ansible-playbook helloworld.yml --ask-pass -vvvvv
ansible-playbook 2.7.9
config file = /etc/ansible/ansible.cfg
configured module search path = [u'/var/lib/awx/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/site-packages/ansible
executable location = /usr/bin/ansible-playbook
python version = 3.6.7 (default, Dec 5 2018, 15:02:05) [GCC 4.8.5 20150623 (Red Hat 4.8.5-36)]
Using /etc/ansible/ansible.cfg as config file
SSH password:
setting up inventory plugins
/etc/ansible/hosts did not meet host_list requirements, check plugin documentation if this is unexpected
Set default localhost to 127.0.0.1
Parsed /etc/ansible/hosts inventory source with ini plugin
Loading callback plugin default of type stdout, v2.0 from /usr/lib/python3.6/site-packages/ansible/callback/default.py
PLAYBOOK: hello_world.yml ******************************************************
1 plays in hello_world.yml
PLAY [win] ******************************************************
TASK [Gathering Facts] *********************************************************
task path: /home/ansible/playbooks/hello_world.yml:1
Using module file /usr/lib/python3.6/site-packages/ansible/modules/windows/setup.ps1
<192.168.0.42> ESTABLISH WINRM CONNECTION FOR USER: ansible_admin on PORT 5985 TO 192.168.0.42
checking if winrm_host 192.168.0.42 is an IPv6 address
<192.168.0.42> WINRM CONNECT: transport=ntlm endpoint=http://192.168.0.42:5985/wsman
<192.168.0.42> WINRM CONNECTION ERROR: the specified credentials were rejected by the server
Traceback (most recent call last):
File "/usr/lib/python3.6/site-packages/ansible/plugins/connection/winrm.py", line 402, in _winrm_connect
self.shell_id = protocol.open_shell(codepage=65001) # UTF-8
File "/usr/lib/python3.6/site-packages/winrm/protocol.py", line 157, in open_shell
res = self.send_message(xmltodict.unparse(req))
File "/usr/lib/python3.6/site-packages/winrm/protocol.py", line 234, in send_message
resp = self.transport.send_message(message)
File "/usr/lib/python3.6/site-packages/winrm/transport.py", line 243, in send_message
self.build_session()
File "/usr/lib/python3.6/site-packages/winrm/transport.py", line 232, in build_session
self.setup_encryption()
File "/usr/lib/python3.6/site-packages/winrm/transport.py", line 238, in setup_encryption
self._send_message_request(prepared_request, '')
File "/usr/lib/python3.6/site-packages/winrm/transport.py", line 266, in _send_message_request
raise InvalidCredentialError("the specified credentials were rejected by the server")
winrm.exceptions.invalidCredentialError: the specified credentials were rejected by the server
fatal: [192.168.0.42]: UNREACHABLE! => {
"changed": false,
"msg": "ntlm: the specified credentials were rejected by the server",
"unreachable": true
}
to retry, use: --limit #/home/ansible/playbooks/hello_world.retry
PLAY RECAP *********************************************************************
192.168.0.42 : ok=0 changed=0 unreachable=1 failed=0
But when I run the playbook with sudo rights, this works just fine
$ sudo ansible-playbook helloworld.yml --ask-pass -vvvvv
ansible-playbook 2.7.9
config file = /etc/ansible/ansible.cfg
configured module search path = [u'/var/lib/awx/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/site-packages/ansible
executable location = /usr/bin/ansible-playbook
python version = 3.6.7 (default, Dec 5 2018, 15:02:05) [GCC 4.8.5 20150623 (Red Hat 4.8.5-36)]
Using /etc/ansible/ansible.cfg as config file
SSH password:
setting up inventory plugins
/etc/ansible/hosts did not meet host_list requirements, check plugin documentation if this is unexpected
Set default localhost to 127.0.0.1
Parsed /etc/ansible/hosts inventory source with ini plugin
Loading callback plugin default of type stdout, v2.0 from /usr/lib/python3.6/site-packages/ansible/callback/default.py
PLAYBOOK: hello_world.yml ******************************************************
1 plays in hello_world.yml
PLAY [win] ******************************************************
TASK [Gathering Facts] *********************************************************
task path: /home/ansible/playbooks/hello_world.yml:1
Using module file /usr/lib/python3.6/site-packages/ansible/modules/windows/setup.ps1
<192.168.0.42> ESTABLISH WINRM CONNECTION FOR USER: ansible_admin on PORT 5985 TO 192.168.0.42
checking if winrm_host 192.168.0.42 is an IPv6 address
<192.168.0.42> WINRM CONNECT: transport=ntlm endpoint=http://192.168.0.42:5985/wsman
<192.168.0.42> WINRM OPEN SHELL: E04DA2D8-15E4-4B28-A079-A5C795B612C5
EXEC (via pipeline wrapper)
<192.168.0.42> WINRM EXEC 'Powershell' ['-NoProfile', '-NonInteractive', '-ExecutionPolicy', 'Unrestricted', '-EncodedCommand', '<-- Very long string here -->']
<192.168.0.42> WINRM RESULT '<Response code 1, out "{"changed":false,"an", err "#< CLIXML\r\n<Objs Ver">'
<192.168.0.42> WINRM CLOSE SHELL: E04DA2D8-15E4-4B28-A079-A5C795B612C5
ok: [192.168.0.42]
PLAY RECAP *********************************************************************
192.168.0.42 : ok=1 changed=0 unreachable=0 failed=0
Does someone have an explanation for this?
Or, as a workaround, is it possible to run a playbook on AWX with sudo privileges?
Edit: Added output with extra verbosity
If you're using AWX, you need to check your credentials correctly, especially on Privilege Escalation Method, if you want to specify the type of escalation privilege to assign to specific users.

Getting "winrm send_input failed" when using os_server module and local connection

I'm trying to write a playbook for a Windows VM that also creates the VM with the os_server module.
I'm starting with a simple win_ping, given the VM is already there:
- name: Create instance
  hosts: all
  tasks:
    - name: Ping machine
      win_ping:
running it with ansible-playbook site.yml --inventory=10.204.0.9,
results in:
PLAY [Create instance] ************************************************************************
TASK [Gathering Facts] ************************************************************************
ok: [10.204.0.9]
TASK [Ping machine] ***************************************************************************
ok: [10.204.0.9]
PLAY RECAP ************************************************************************************
10.204.0.9 : ok=2 changed=0 unreachable=0 failed=0
Now I add the os_server task:
- name: Create Windows Instance
  connection: local
  os_server:
    state: present
    region_name: "{{ os_region_name }}"
    auth: "{{ cloud.auth }}"
    name: "windows-{{ inventory_hostname }}"
    image: Windows 2012 R2 Datacenter
    key_name: vector_ops
    flavor: 1C-2GB-50GB
    floating_ips:
      - "{{ inventory_hostname }}"
- name: Ping machine
  win_ping:
I'm setting connection to local as I want this task to be executed from the control machine, in case the VM is not created yet.
When I run this playbook again with ansible-playbook site.yml --inventory=10.204.0.9,, I get:
TASK [Create Windows Instance] ****************************************************************
[WARNING]: FATAL ERROR DURING FILE TRANSFER: Traceback (most recent call last): File
"/usr/lib/python2.7/dist-packages/ansible/plugins/connection/winrm.py", line 276, in
_winrm_exec self._winrm_send_input(self.protocol, self.shell_id, command_id, data,
eof=is_last) File "/usr/lib/python2.7/dist-packages/ansible/plugins/connection/winrm.py",
line 256, in _winrm_send_input protocol.send_message(xmltodict.unparse(rq)) File
"/usr/local/lib/python2.7/dist-packages/winrm/protocol.py", line 207, in send_message
return self.transport.send_message(message) File "/usr/local/lib/python2.7/dist-
packages/winrm/transport.py", line 202, in send_message raise WinRMTransportError('http',
error_message) WinRMTransportError: (u'http', u'Bad HTTP response returned from server. Code
500')
fatal: [10.204.0.9]: FAILED! => {"msg": "winrm send_input failed"}
I'm a bit puzzled why there is an error during a file transfer, so I ran the command with -vvv:
TASK [Create Windows Instance] ****************************************************************
task path: /home/ubuntu/basic-windows-example/trunk/playbooks/site.yml:8
Using module file /usr/lib/python2.7/dist-packages/ansible/modules/cloud/openstack/os_server.py
<10.204.0.9> ESTABLISH WINRM CONNECTION FOR USER: Admin on PORT 5986 TO 10.204.0.9
EXEC (via pipeline wrapper)
And indeed it seems so that Ansible tries to establish a winrm connection, despite connection: local. Removing connection: local from the task brings the same result as above.
I would expect the task to return a simple "ok" since the VM is already there.
What am I missing here?
Update 2018-01-09, 9:45 GMT:
So I tried another experiment: I removed all ansible_* variables from the var file (see below) just to see what Ansible does with the os_server task when no WinRM connection is configured. Running it again with ansible-playbook site.yml --inventory=10.204.0.9, -vvv this time I get for the os_server task:
TASK [Create Windows Instance] ****************************************************************
task path: /home/ubuntu/basic-windows-example/trunk/playbooks/site.yml:9
Using module file /usr/lib/python2.7/dist-packages/ansible/modules/cloud/openstack/os_server.py
<10.204.0.9> ESTABLISH LOCAL CONNECTION FOR USER: ubuntu
<10.204.0.9> EXEC /bin/sh -c 'echo ~ && sleep 0'
<10.204.0.9> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /home/ubuntu/.ansible/tmp/ansible-tmp-1515490597.4-208015762064624 `" && echo ansible-tmp-1515490597.4-208015762064624="` echo /home/ubuntu/.ansible/tmp/ansible-tmp-1515490597.4-208015762064624 `" ) && sleep 0'
<rest cut off for brevity>
So now a local connection does get established and the os_server task completes successfully. But of course, this is not the answer, because I need the WinRM connection configured for the Windows VM.
Update 2018-01-09, 10:00 GMT:
Following the suggestion to add gather_facts: false to the play and running ansible-playbook site.yml --inventory=10.204.0.9,, I now get:
PLAY [Create instance] ************************************************************************
META: ran handlers
TASK [Create Windows Instance] ****************************************************************
task path: /home/ubuntu/basic-windows-example/trunk/playbooks/site.yml:10
Using module file /usr/lib/python2.7/dist-packages/ansible/modules/cloud/openstack/os_server.py
<10.204.0.9> ESTABLISH WINRM CONNECTION FOR USER: Admin on PORT 5986 TO 10.204.0.9
EXEC (via pipeline wrapper)
[WARNING]: FATAL ERROR DURING FILE TRANSFER: Traceback (most recent call last): File
"/usr/lib/python2.7/dist-packages/ansible/plugins/connection/winrm.py", line 276, in
_winrm_exec self._winrm_send_input(self.protocol, self.shell_id, command_id, data,
eof=is_last) File "/usr/lib/python2.7/dist-packages/ansible/plugins/connection/winrm.py",
line 256, in _winrm_send_input protocol.send_message(xmltodict.unparse(rq)) File
"/usr/local/lib/python2.7/dist-packages/winrm/protocol.py", line 207, in send_message
return self.transport.send_message(message) File "/usr/local/lib/python2.7/dist-
packages/winrm/transport.py", line 202, in send_message raise WinRMTransportError('http',
error_message) WinRMTransportError: (u'http', u'Bad HTTP response returned from server. Code
500')
fatal: [10.204.0.9]: FAILED! => {
"msg": "winrm send_input failed"
}
The error is the same, Ansible still tries to establish a WinRM connection.
Full Playbook (site.yml, added gather_facts: false):
- name: Create instance
  hosts: all
  gather_facts: false
  tasks:
    - name: Create Windows Instance
      connection: local
      os_server:
        state: present
        region_name: Region1
        auth: "{{ cloud.auth }}"
        name: "windows-{{ inventory_hostname }}"
        image: Windows 2012 R2 Datacenter
        key_name: mykey
        flavor: 1C-2GB-50GB
        floating_ips:
          - "{{ inventory_hostname }}"
    - name: Ping machine
      win_ping:
Vars in group_vars/all (used throughout all examples):
cloud:
  auth:
    auth_url: https://cloud.internal:5000/v3/
    domain_name: Domain_01
    password: mypassword
    project_name: dev-project
    username: apiuser
os_region_name: Fra1
ansible_user: Admin
ansible_port: 5986
ansible_password: myvmpassword
ansible_connection: winrm
ansible_winrm_server_cert_validation: ignore
Version info:
ansible --version
ansible 2.4.2.0
config file = /etc/ansible/ansible.cfg
configured module search path = [u'/home/ubuntu/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/dist-packages/ansible
executable location = /usr/bin/ansible
python version = 2.7.12 (default, Nov 20 2017, 18:23:56) [GCC 5.4.0 20160609]
If I use delegate_to: localhost instead of connection: local for the os_server task, a local connection does get established. delegate_to avoids loading the WinRM connection variables for that connection.
If someone else is facing the same issue with Ansible then check the WinRM memory setting on the host and ensure it has sufficient memory.
Set-Item WSMan:\localhost\Shell\MaxMemoryPerShellMB 1024
