I'm setting up an Ansible server running on CentOS 7 (with AWX as User Interface) and I want to communicate with a few windows hosts to perform basic package manipulation.
As a first approach, I'm using NTLM to communicate with my hosts (Basic Auth is disabled by the sysadmin).
However, I noticed that my playbooks fail to run when I launch ansible-playbook without sudo privileges.
I've already checked the TCP stream in both case. And it seems that when it fails (ie. without sudo rights) the server doesn't event start to communicate with the host. As if it failed without even trying (despite telling otherwise)
It's not a matter of firewall, since I am able to access the wsman endpoint with curl.
I've also checked the Windows account's rights (as was suggested for a similar problem), but everything that's needed was already there.
My playbook is this very simple taskless file:
- hosts: win
vars:
ansible_user: ansible_admin
ansible_connection: winrm
ansible_winrm_server_cert_validation: ignore
ansible_port: 5985
ansible_winrm_transport: ntlm
I've checked with and without tasks (like win_ping) and the ansible_winrm_server_cert_validation variable.
My /etc/ansible/hosts file is this one:
[win]
192.168.0.42
[localhost]
127.0.0.1
Here's what I get when I run the playbook without sudo right
$ ansible-playbook helloworld.yml --ask-pass -vvvvv
ansible-playbook 2.7.9
config file = /etc/ansible/ansible.cfg
configured module search path = [u'/var/lib/awx/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/site-packages/ansible
executable location = /usr/bin/ansible-playbook
python version = 3.6.7 (default, Dec 5 2018, 15:02:05) [GCC 4.8.5 20150623 (Red Hat 4.8.5-36)]
Using /etc/ansible/ansible.cfg as config file
SSH password:
setting up inventory plugins
/etc/ansible/hosts did not meet host_list requirements, check plugin documentation if this is unexpected
Set default localhost to 127.0.0.1
Parsed /etc/ansible/hosts inventory source with ini plugin
Loading callback plugin default of type stdout, v2.0 from /usr/lib/python3.6/site-packages/ansible/callback/default.py
PLAYBOOK: hello_world.yml ******************************************************
1 plays in hello_world.yml
PLAY [win] ******************************************************
TASK [Gathering Facts] *********************************************************
task path: /home/ansible/playbooks/hello_world.yml:1
Using module file /usr/lib/python3.6/site-packages/ansible/modules/windows/setup.ps1
<192.168.0.42> ESTABLISH WINRM CONNECTION FOR USER: ansible_admin on PORT 5985 TO 192.168.0.42
checking if winrm_host 192.168.0.42 is an IPv6 address
<192.168.0.42> WINRM CONNECT: transport=ntlm endpoint=http://192.168.0.42:5985/wsman
<192.168.0.42> WINRM CONNECTION ERROR: the specified credentials were rejected by the server
Traceback (most recent call last):
File "/usr/lib/python3.6/site-packages/ansible/plugins/connection/winrm.py", line 402, in _winrm_connect
self.shell_id = protocol.open_shell(codepage=65001) # UTF-8
File "/usr/lib/python3.6/site-packages/winrm/protocol.py", line 157, in open_shell
res = self.send_message(xmltodict.unparse(req))
File "/usr/lib/python3.6/site-packages/winrm/protocol.py", line 234, in send_message
resp = self.transport.send_message(message)
File "/usr/lib/python3.6/site-packages/winrm/transport.py", line 243, in send_message
self.build_session()
File "/usr/lib/python3.6/site-packages/winrm/transport.py", line 232, in build_session
self.setup_encryption()
File "/usr/lib/python3.6/site-packages/winrm/transport.py", line 238, in setup_encryption
self._send_message_request(prepared_request, '')
File "/usr/lib/python3.6/site-packages/winrm/transport.py", line 266, in _send_message_request
raise InvalidCredentialError("the specified credentials were rejected by the server") winrm.exceptions.invalidCredentialError: the specified credentials were rejected by the server
fatal: [192.168.0.42]: UNREACHABLE! => {
"changed": false,
"msg": "ntlm: the specified credentials were rejected by the server",
"unreachable": true
}
to retry, use: --limit #/home/ansible/playbooks/hello_world.retry
PLAY RECAP *********************************************************************
192.168.0.42 : ok=0 changed=0 unreachable=1 failed=0
But when I run the playbook with sudo rights, this works just fine
$ sudo ansible-playbook helloworld.yml --ask-pass -vvvvv
ansible-playbook 2.7.9
config file = /etc/ansible/ansible.cfg
configured module search path = [u'/var/lib/awx/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/site-packages/ansible
executable location = /usr/bin/ansible-playbook
python version = 3.6.7 (default, Dec 5 2018, 15:02:05) [GCC 4.8.5 20150623 (Red Hat 4.8.5-36)]
Using /etc/ansible/ansible.cfg as config file
SSH password:
setting up inventory plugins
/etc/ansible/hosts did not meet host_list requirements, check plugin documentation if this is unexpected
Set default localhost to 127.0.0.1
Parsed /etc/ansible/hosts inventory source with ini plugin
Loading callback plugin default of type stdout, v2.0 from /usr/lib/python3.6/site-packages/ansible/callback/default.py
PLAYBOOK: hello_world.yml ******************************************************
1 plays in hello_world.yml
PLAY [win] ******************************************************
TASK [Gathering Facts] *********************************************************
task path: /home/ansible/playbooks/hello_world.yml:1
Using module file /usr/lib/python3.6/site-packages/ansible/modules/windows/setup.ps1
<192.168.0.42> ESTABLISH WINRM CONNECTION FOR USER: ansible_admin on PORT 5985 TO 192.168.0.42
checking if winrm_host 192.168.0.42 is an IPv6 address
<192.168.0.42> WINRM CONNECT: transport=ntlm endpoint=http://192.168.0.42:5985/wsman
<192.168.0.42> WINRM OPEN SHELL: E04DA2D8-15E4-4B28-A079-A5C795B612C5
EXEC (via pipeline wrapper)
<192.168.0.42> WINRM EXEC 'Powershell' ['-NoProfile', '-NonInteractive', '-ExecutionPolicy', 'Unrestricted', '-EncodedCommand', '<-- Very long string here -->']
<192.168.0.42> WINRM RESULT '<Response code 1, out "{"changed":false,"an", err "#< CLIXML\r\n<Objs Ver">'
<192.168.0.42> WINRM CLOSE SHELL: E04DA2D8-15E4-4B28-A079-A5C795B612C5
ok: [192.168.0.42]
PLAY RECAP *********************************************************************
192.168.0.42 : ok=1 changed=0 unreachable=0 failed=0
Does someone have an explanation for this?
Or, as a workaround, is it possible to run a playbook on AWX with sudo privileges?
Edit: Added output with extra verbosity
If you're using AWX, you need to check your credentials correctly, especially on Privilege Escalation Method, if you want to specify the type of escalation privilege to assign to specific users.
Related
I am new to ansible. I am facing a problem in hosts file. error output is below.
My question is : How do I escape the # in the ansible_ssh_pass.
I tried with ansible_ssh_pass="airtel\#121" and ansible_ssh_pass=airtel\#121 without double quotes both ways. it is throwing the error.
ansible version: ansible-playbook 2.9.6
host file entry is as below:
[devices]
10.10.10.10 ansible_ssh_user="abcd" ansible_ssh_pass="airtel#121"
playbook is as below:
- name: Cisco show version example
hosts: devices
gather_facts: false
ansible_connection: ansible.netcommon.network_cli
ansible_network_os: cisco.ios.ios
ansible_become: yes
ansible_become_method: enable
tasks:
- name: run show version on the routers
ios_command:
commands:
- show version
register: output
- name: print output
debug:
var: output.stdout_lines
Getting error as below.
xxxx#xxxx:/etc/ansible/playbooks# ansible-playbook check_connectivity_temp.yml -vvvv
ansible-playbook 2.9.6
config file = /etc/ansible/ansible.cfg
configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python3/dist-packages/ansible
executable location = /usr/bin/ansible-playbook
python version = 3.8.10 (default, Mar 15 2022, 12:22:08) [GCC 9.4.0]
Using /etc/ansible/ansible.cfg as config file
setting up inventory plugins
host_list declined parsing /etc/ansible/hosts as it did not pass its verify_file() method
auto declined parsing /etc/ansible/hosts as it did not pass its verify_file() method
Parsed /etc/ansible/hosts inventory source with ini plugin
Loading callback plugin default of type stdout, v2.0 from /usr/lib/python3/dist-packages/ansible/plugins/callback/default.py
PLAYBOOK: check_connectivity_temp.yml ***************************************************************************************
Positional arguments: check_connectivity_temp.yml
verbosity: 4
connection: smart
timeout: 10
become_method: sudo
tags: ('all',)
inventory: ('/etc/ansible/hosts',)
forks: 5
1 plays in check_connectivity_temp.yml
PLAY [Cisco show version example] *******************************************************************************************
META: ran handlers
TASK [run show version on the routers] **************************************************************************************
task path: /etc/ansible/playbooks/check_connectivity_temp.yml:14
<10.10.10.10> attempting to start connection
<10.10.10.10> using connection plugin ansible.netcommon.network_cli
<10.10.10.10> local domain socket does not exist, starting it
<10.10.10.10> control socket path is /root/.ansible/pc/aaec916454
<10.10.10.10> local domain socket listeners started successfully
<10.10.10.10> loaded cliconf plugin ansible_collections.cisco.ios.plugins.cliconf.ios from path /root/.ansible/collections/ansible_collections/cisco/ios/plugins/cliconf/ios.py for network_os cisco.ios.ios
<10.10.10.10> ssh type is set to auto
<10.10.10.10> autodetecting ssh_type
[WARNING]: ansible-pylibssh not installed, falling back to paramiko
<10.10.10.10> ssh type is now set to paramiko
<10.10.10.10>
<10.10.10.10> local domain socket path is /root/.ansible/pc/aaec916454
fatal: [10.10.10.10]: FAILED! => {
"changed": false,
"msg": "Failed to authenticate: Authentication failed."
}
PLAY RECAP ******************************************************************************************************************
10.10.10.10 : ok=0 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
My question is : How do I escape the # in the ansible_ssh_pass.
Put the hash character '#' into an expression {{ '#' }}. For example,
- debug:
var: ssh_pass
vars:
ssh_pass: "airtel{{ '#' }}121"
gives
ssh_pass: airtel#121
I have to make an ansible playbook that connects to a brand new cisco router via a telnet connection to a terminal concentrator on a specefic telnet port.
This is my playbook so far
---
- name: Telnet test
hosts: localhost
connection: local
tasks:
- name: telnet test
telnet:
host: 10.145.0.200
port: 4009
send_newline: yes
prompts:
- '[>|#]'
command:
- enable
- term len 0
- show ver
My issue is that when the connection is made the playbook just stay in the task without sending any command to the cisco router, how can i connect to a device without username and password?
i had to cancel the playbook since it will just stay in the task forever
ansible-playbook 2.9.13
config file = /home/niclas/ansible/gc/ansible.cfg
configured module search path = ['/home/niclas/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /home/niclas/.local/lib/python3.8/site-packages/ansible
executable location = /usr/bin/ansible-playbook
python version = 3.8.2 (default, Jul 16 2020, 14:00:26) [GCC 9.3.0]
Using /home/niclas/ansible/gc/ansible.cfg as config file
host_list declined parsing /home/niclas/ansible/gc/inventory.yml as it did not pass its verify_file() method
Parsed /home/niclas/ansible/gc/inventory.yml inventory source with ini plugin
PLAYBOOK: testTelnet.yml ***********************************************************************************************
1 plays in testTelnet.yml
PLAY [Telnet test] *****************************************************************************************************
META: ran handlers
TASK [telnet test] *****************************************************************************************************
task path: /home/niclas/ansible/gc/testTelnet.yml:6
^C [ERROR]: User interrupted execution
Edit error:
❯ ansible-playbook testTelnet.yml -vvv
ansible-playbook 2.9.13
config file = /home/niclas/ansible/gc/ansible.cfg
configured module search path = ['/home/niclas/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /home/niclas/.local/lib/python3.8/site-packages/ansible
executable location = /usr/bin/ansible-playbook
python version = 3.8.2 (default, Jul 16 2020, 14:00:26) [GCC 9.3.0]
Using /home/niclas/ansible/gc/ansible.cfg as config file
host_list declined parsing /home/niclas/ansible/gc/inventory.yml as it did not pass its verify_file() method
Parsed /home/niclas/ansible/gc/inventory.yml inventory source with ini plugin
PLAYBOOK: testTelnet.yml ***********************************************************************************************
1 plays in testTelnet.yml
PLAY [Telnet test] *****************************************************************************************************
META: ran handlers
TASK [telnet test] *****************************************************************************************************
task path: /home/niclas/ansible/gc/testTelnet.yml:6
The full traceback is:
Traceback (most recent call last):
File "/home/niclas/.local/lib/python3.8/site-packages/ansible/executor/task_executor.py", line 147, in run
res = self._execute()
File "/home/niclas/.local/lib/python3.8/site-packages/ansible/executor/task_executor.py", line 665, in _execute
result = self._handler.run(task_vars=variables)
File "/home/niclas/.local/lib/python3.8/site-packages/ansible/plugins/action/telnet.py", line 59, in run
tn = telnetlib.Telnet(host, port, timeout)
File "/usr/lib/python3.8/telnetlib.py", line 218, in __init__
self.open(host, port, timeout)
File "/usr/lib/python3.8/telnetlib.py", line 235, in open
self.sock = socket.create_connection((host, port), timeout)
File "/usr/lib/python3.8/socket.py", line 808, in create_connection
raise err
File "/usr/lib/python3.8/socket.py", line 796, in create_connection
sock.connect(sa)
ConnectionRefusedError: [Errno 111] Connection refused
fatal: [localhost]: FAILED! => {
"msg": "Unexpected failure during module execution.",
"stdout": ""
}
PLAY RECAP *************************************************************************************************************
localhost : ok=0 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
I think the ansible's command interpreter can't understand the promt from the cisco. I think you should use cisco.ios plugin instead which is described here: https://docs.ansible.com/ansible/latest/collections/cisco/ios/ios_command_module.html
UPDATE
Because the telnet task does not understand cisco.ios commands, then you should use another approach for connecting. Hope your cisco device support SSH, then you can make the connection.
In this case, I think your playbook should look like this:
ansible_connection: ansible.netcommon.network_cli
ansible_network_os: cisco.ios.ios
ansible_user: cisco
ansible_password: ciscopass
ansible_become: yes
ansible_become_method: enable
ansible_become_password: if_you_have_enable_password_define_it_here
---
- hosts: ansible.ini_defined_group_name_for_cisco_device
tasks:
- name: log into cisco device and init this commands
cisco.ios.ios_command:
commands:
- show version
- term len 0
I am running Ansible Tower v3.4.1 with Ansible v2.7.6 on an ubuntu 16.04 VM running on VirtualBox. I run a playbook that works when I run it from the command line using "ansible-playbook" but fails when I try to run it from Ansible Tower. I know I must have something misconfigured in ansible tower but I can't find it.
I get this warning no matter what changes I make to the inventory (hosts) file.
$ ansible-playbook 2.7.6
config file = /etc/ansible/ansible.cfg
configured module search path = [u'/var/lib/awx/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/dist-packages/ansible
executable location = /usr/bin/ansible-playbook
python version = 2.7.12 (default, Nov 12 2018, 14:36:49) [GCC 5.4.0 20160609]
Using /etc/ansible/ansible.cfg as config file
SSH password:
**/tmp/awx_74_z6yJB4/tmpVlXGCX did not meet host_list requirements**, check plugin documentation if this is unexpected
Parsed /tmp/awx_74_z6yJB4/tmpVlXGCX inventory source with script plugin
PLAYBOOK: addpool.yaml *********************************************************
1 plays in addpool.yaml
[WARNING]: **Could not match supplied host pattern, ignoring: bigip**
PLAY [Sample pool playbook] ****************************************************
17:05:43
skipping: no hosts matched
I have enabled inventory plugins for YAML, and made my hosts file into a hosts.yml file.
Here's my hosts file:
192.168.68.253
192.168.68.254
192.168.1.165
[centos]
dad2 ansible_ssh_host=192.168.1.165
[bigip]
bigip1 ansible_host=192.168.68.254
bigip2 ansible_host=192.168.68.253
Here's my playbook:
---
- name: Sample pool playbook
hosts: bigip
connection: local
tasks:
- name: create web servers pool
bigip_pool:
name: web-servers2
lb_method: ratio-member
password: admin
user: admin
server: '{{inventory_hostname}}'
validate_certs: no
I replaced hosts: bigip with hosts: all and specified the inventory in Tower as bigip which contains only the two hosts I want to change. This seems to provide the output I am looking for.
For the ansible-playbook command line, I added --limit bigip and this seems to provide the output I am looking for.
So things appear to be working, I just don't know whether this is best practice use.
If you get the error below while running a playbook with the command
ansible-playbook -i test-project/inventory.txt playbook.yml
{"changed": false, "msg": "Failed to connect to the host via ssh: ssh: connect to host 172.31.24.10 port 22: Connection timed out", "unreachable": true}
The solution is to add, in the file ansible.cfg:
[defaults]
inventory=/etc/ansible/hosts
I think you need to remove the connection: local.
You have specified in hosts: bigip that you want these tasks to only run on hosts in the bigip group. You then specify connection: local which causes the task to run on the controller node (i.e. localhost), rather than the nodes in the bigip group. Localhost is not a member of the bigip group, and so none of the tasks in the play will trigger.
Check for special characters in absolute path of hosts file or playbook. Incase if you directly copied the path from putty, try copy and paste it from notepad or any editor
For me the issue was the format of the /etc/ansible/hosts file. You should use the :children suffix in order to use groups of groups like this:
[dev1]
dev_1 ansible_ssh_host=192.168.1.55 ansible_connection=ssh ansible_ssh_user={{username}} ansible_ssh_pass={{password}}
[dev2]
dev_2 ansible_ssh_host=192.168.1.68 ansible_connection=ssh ansible_ssh_user={{username}} ansible_ssh_pass={{password}}
[devs:children]
dev1
dev2
Reference: here
I'm trying to write a playbook for a Windows VM that also creates the VM with the os_server module.
I'm starting with a simple win_ping, given the VM is already there:
- name: Create instance
hosts: all
tasks:
- name: Ping machine
win_ping:
running it with ansible-playbook site.yml --inventory=10.204.0.9,
results in:
PLAY [Create instance] ************************************************************************
TASK [Gathering Facts] ************************************************************************
ok: [10.204.0.9]
TASK [Ping machine] ***************************************************************************
ok: [10.204.0.9]
PLAY RECAP ************************************************************************************
10.204.0.9 : ok=2 changed=0 unreachable=0 failed=0
Now I add the os_server task:
- name: Create Windows Instance
connection: local
os_server:
state: present
region_name: "{{ os_region_name }}"
auth: "{{ cloud.auth }}"
name: "windows-{{ inventory_hostname }}"
image: Windows 2012 R2 Datacenter
key_name: vector_ops
flavor: 1C-2GB-50GB
floating_ips:
- "{{ inventory_hostname }}"
- name: Ping machine
win_ping:
I'm setting connection to local as I want this task to be executed from the control machine, in case the VM is not created yet.
When I run this playbook again with ansible-playbook site.yml --inventory=10.204.0.9,, I get:
TASK [Create Windows Instance] ****************************************************************
[WARNING]: FATAL ERROR DURING FILE TRANSFER: Traceback (most recent call last): File
"/usr/lib/python2.7/dist-packages/ansible/plugins/connection/winrm.py", line 276, in
_winrm_exec self._winrm_send_input(self.protocol, self.shell_id, command_id, data,
eof=is_last) File "/usr/lib/python2.7/dist-packages/ansible/plugins/connection/winrm.py",
line 256, in _winrm_send_input protocol.send_message(xmltodict.unparse(rq)) File
"/usr/local/lib/python2.7/dist-packages/winrm/protocol.py", line 207, in send_message
return self.transport.send_message(message) File "/usr/local/lib/python2.7/dist-
packages/winrm/transport.py", line 202, in send_message raise WinRMTransportError('http',
error_message) WinRMTransportError: (u'http', u'Bad HTTP response returned from server. Code
500')
fatal: [10.204.0.9]: FAILED! => {"msg": "winrm send_input failed"}
I'm a bit puzzled why there is an error during a file transfer, so I ran the command with -vvv:
TASK [Create Windows Instance] ****************************************************************
task path: /home/ubuntu/basic-windows-example/trunk/playbooks/site.yml:8
Using module file /usr/lib/python2.7/dist-packages/ansible/modules/cloud/openstack/os_server.py
<10.204.0.9> ESTABLISH WINRM CONNECTION FOR USER: Admin on PORT 5986 TO 10.204.0.9
EXEC (via pipeline wrapper)
And indeed it seems so that Ansible tries to establish a winrm connection, despite connection: local. Removing connection: local from the task brings the same result as above.
I would expect the task to return a simple "ok" since the VM is already there.
What am I missing here?
Update 2018-01-09, 9:45 GMT:
So I tried another experiment: I removed all ansible_* variables from the var file (see below) just to see what Ansible does with the os_server task when no WinRM connection is configured. Running it again with ansible-playbook site.yml --inventory=10.204.0.9, -vvv this time I get for the os_server task:
TASK [Create Windows Instance] ****************************************************************
task path: /home/ubuntu/basic-windows-example/trunk/playbooks/site.yml:9
Using module file /usr/lib/python2.7/dist-packages/ansible/modules/cloud/openstack/os_server.py
<10.204.0.9> ESTABLISH LOCAL CONNECTION FOR USER: ubuntu
<10.204.0.9> EXEC /bin/sh -c 'echo ~ && sleep 0'
<10.204.0.9> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /home/ubuntu/.ansible/tmp/ansible-tmp-1515490597.4-208015762064624 `" && echo ansible-tmp-1515490597.4-208015762064624="` echo /home/ubuntu/.ansible/tmp/ansible-tmp-1515490597.4-208015762064624 `" ) && sleep 0'
<rest cut off for brevity>
So now a local connection does get established and the os_server task completes successfully. But of course, this is not the answer, because I need the WinRM connection configured for the Windows VM.
Update 2018-01-09, 10:00 GMT:
Following the suggestion to add gather_facts: false to the play and running ansible-playbook site.yml --inventory=10.204.0.9,, I now get:
PLAY [Create instance] ************************************************************************
META: ran handlers
TASK [Create Windows Instance] ****************************************************************
task path: /home/ubuntu/basic-windows-example/trunk/playbooks/site.yml:10
Using module file /usr/lib/python2.7/dist-packages/ansible/modules/cloud/openstack/os_server.py
<10.204.0.9> ESTABLISH WINRM CONNECTION FOR USER: Admin on PORT 5986 TO 10.204.0.9
EXEC (via pipeline wrapper)
[WARNING]: FATAL ERROR DURING FILE TRANSFER: Traceback (most recent call last): File
"/usr/lib/python2.7/dist-packages/ansible/plugins/connection/winrm.py", line 276, in
_winrm_exec self._winrm_send_input(self.protocol, self.shell_id, command_id, data,
eof=is_last) File "/usr/lib/python2.7/dist-packages/ansible/plugins/connection/winrm.py",
line 256, in _winrm_send_input protocol.send_message(xmltodict.unparse(rq)) File
"/usr/local/lib/python2.7/dist-packages/winrm/protocol.py", line 207, in send_message
return self.transport.send_message(message) File "/usr/local/lib/python2.7/dist-
packages/winrm/transport.py", line 202, in send_message raise WinRMTransportError('http',
error_message) WinRMTransportError: (u'http', u'Bad HTTP response returned from server. Code
500')
fatal: [10.204.0.9]: FAILED! => {
"msg": "winrm send_input failed"
}
The error is the same, Ansible still tries to establish a WinRM connection.
Full Playbook (site.yml, added gather_facts: false):
- name: Create instance
hosts: all
gather_facts: false
tasks:
- name: Create Windows Instance
connection: local
os_server:
state: present
region_name: Region1
auth: "{{ cloud.auth }}"
name: "windows-{{ inventory_hostname }}"
image: Windows 2012 R2 Datacenter
key_name: mykey
flavor: 1C-2GB-50GB
floating_ips:
- "{{ inventory_hostname }}"
- name: Ping machine
win_ping:
Vars in group_vars/all (used throughout all examples):
cloud:
auth:
auth_url: https://cloud.internal:5000/v3/
domain_name: Domain_01
password: mypassword
project_name: dev-project
username: apiuser
os_region_name: Fra1
ansible_user: Admin
ansible_port: 5986
ansible_password: myvmpassword
ansible_connection: winrm
ansible_winrm_server_cert_validation: ignore
Version info:
ansible --version
ansible 2.4.2.0
config file = /etc/ansible/ansible.cfg
configured module search path = [u'/home/ubuntu/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/dist-packages/ansible
executable location = /usr/bin/ansible
python version = 2.7.12 (default, Nov 20 2017, 18:23:56) [GCC 5.4.0 20160609]
If I use delegate_to: localhost instead of connection: local for the os_server task, a local connection does get established. delegate_to avoids loading the WinRM connection variables for that connection.
If someone else is facing the same issue with Ansible then check the WinRM memory setting on the host and ensure it has sufficient memory.
Set-Item WSMan:\localhost\Shell\MaxMemoryPerShellMB 1024
I have recently installed ansible
demaunt#demaunt-pc:~$ ansible --version
ansible 2.3.1.0
config file = /etc/ansible/ansible.cfg
configured module search path = Default w/o overrides
python version = 2.7.12 (default, Nov 19 2016, 06:48:10) [GCC 5.4.0 20160609]
I have added 2 lines into: /etc/ansible/hosts
[local]
192.168.1.102
and changed uncommented 1 line in ansible.cfg:
# uncomment this to disable SSH key host checking
host_key_checking = False
Still when I do:
ansible all -m ping
192.168.1.102 | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: Warning: Permanently added '192.168.1.102' (ECDSA) to the list of known hosts.\r\nPermission denied (publickey,password).\r\n",
"unreachable": true
}
1) Why my localhost is unreachable
2) Why this program is so smart that it tries to connect via ssh even when this option was disabled.
To define localhost and use local connection instead of ssh, define hosts as follows:
[local]
localhost ansible_connection=local
This way we define local group with localhost host with local connection.
The option host_key_checking = False does not mean Ansible will not connect to hosts. It's an option related to the ssh option StrictHostKeyChecking (see the ssh_config man page).
Ansible needs to log into the host to perform the ping. Your local host at IP 192.168.1.102 is probably not running the sshd daemon, or some other issue is preventing the ssh login.
Suggest you review the documentation at http://docs.ansible.com/ansible/intro_configuration.html.