Containerized Ansible SSH-ing to Windows DockerHost

Taylor Jackwood

unread,

Jun 12, 2019, 2:39:16 PM6/12/19

to Ansible Project

Afternoon!

I am attempting to set up an Ansible Docker container for managing both other containers running in Docker, as well as my host machine (Running Windows 10).

Using Ansible 2.8, I'm attempting to get the SSH connection to my host machine to work, as using WinRM isn't ideal for my scenario. I have set up OpenSSH Server on my machine, and done all of the steps to allow SSH tunneling from my container to my host machine. I can even go so far as to "docker exec -it ansible bash" into my container, then run an "ssh dockerhost" command, and it successfully uses my SSH keys to authenticate and SSH back into my host machine.

My problem comes when I attempt to use Ansible from inside the container to ping my host machine. Whenever I try to run "ansible dockerhost -m ping", I'm met with this error:

==========================================================================================================================

dockerhost | FAILED! => {

"changed": false,

"module_stderr": "Exception calling \"Create\" with \"1\" argument(s): \"At line:4 char:21

+ def _ansiballz_main():

+ ~

An expression was expected after '('.

At line:13 char:27

+ except (AttributeError, OSError):

+ ~

Missing argument in parameter list.

At line:15 char:7

+ if scriptdir is not None:

+ ~

Missing '(' after 'if' in if statement.

At line:22 char:7

+ if sys.version_info < (3,):

+

~

Missing '(' after 'if' in if statement.

At line:22 char:30

+ if sys.version_info < (3,):

+

~

Missing expression after ','.

At line:22 char:25

+ if sys.version_info < (3,):

+

~

The '<' operator is reserved for future use.

At line:24 char:32

+ MOD_DESC = ('.py', 'U', imp.PY_SOURCE)

+ ~

Missing expression after ','.

At line:24 char:33

+ MOD_DESC = ('.py', 'U', imp.PY_SOURCE)

+ ~~~~~~~~~~~~~

Unexpected token 'imp.PY_SOURCE' in expression or statement.

At line:24 char:32

+ MOD_DESC = ('.py', 'U', imp.PY_SOURCE)

+

~

Missing closing ')' in expression.

At line:24 char:46

+ MOD_DESC = ('.py', 'U', imp.PY_SOURCE)

+

~

Unexpected token ')' in expression or statement.

Not all parse errors were reported. Correct the reported errors and try

again.\"

At line:6 char:1

+ $exec_wrapper = [ScriptBlock]::Create($split_parts[0])

+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException

+ FullyQualifiedErrorId : ParseException

The expression after '&' in a pipeline element produced an object that was not

valid. It must result in a command name, a script block, or a CommandInfo

object.

At line:7 char:2

+ &$exec_wrapper

+ ~~~~~~~~~~~~~

+ CategoryInfo : InvalidOperation: (:) [], RuntimeException

+ FullyQualifiedErrorId : BadExpression

",

"module_stdout": "",

"msg": "MODULE FAILURE\nSee stdout/stderr for the exact error",

"rc": 1

}

==========================================================================================================================

I've also attempted this same ping test using the win_ping module, but get a different failed result. The command hangs for an extended period of time, then eventually returns with this error:

==========================================================================================================================

<dockerhost> (1, '', '#< CLIXML\r\n\nProcess is terminated due to StackOverflowException.\n')

<dockerhost> Failed to connect to the host via ssh: #< CLIXML

Process is terminated due to StackOverflowException.

The full traceback is:

Traceback (most recent call last):

File "/usr/lib/python2.7/site-packages/ansible/executor/task_executor.py", line 144, in run

res = self._execute()

File "/usr/lib/python2.7/site-packages/ansible/executor/task_executor.py", line 648, in _execute

result = self._handler.run(task_vars=variables)

File "/usr/lib/python2.7/site-packages/ansible/plugins/action/normal.py", line 46, in run

result = merge_hash(result, self._execute_module(task_vars=task_vars, wrap_async=wrap_async))

File "/usr/lib/python2.7/site-packages/ansible/plugins/action/__init__.py", line 917, in _execute_module

res = self._low_level_execute_command(cmd, sudoable=sudoable, in_data=in_data)

File "/usr/lib/python2.7/site-packages/ansible/plugins/action/__init__.py", line 1060, in _low_level_execute_command

rc, stdout, stderr = self._connection.exec_command(cmd, in_data=in_data, sudoable=sudoable)

File "/usr/lib/python2.7/site-packages/ansible/plugins/connection/ssh.py", line 1188, in exec_command

stderr = _parse_clixml(stderr)

File "/usr/lib/python2.7/site-packages/ansible/plugins/shell/powershell.py", line 46, in _parse_clixml

clixml = ET.fromstring(data.split(b"\r\n", 1)[-1])

File "/usr/lib/python2.7/xml/etree/ElementTree.py", line 1311, in XML

parser.feed(text)

File "/usr/lib/python2.7/xml/etree/ElementTree.py", line 1659, in feed

self._raiseerror(v)

File "/usr/lib/python2.7/xml/etree/ElementTree.py", line 1523, in _raiseerror

raise err

ParseError: syntax error: line 2, column 0

dockerhost | FAILED! => {

"msg": "Unexpected failure during module execution.",

"stdout": ""

}

==========================================================================================================================

So I'm at a bit of a loss. I can independently confirm that the SSH setup works, since I can SSH into and out of the Ansible container at will. I also believe I set everything up correctly in terms of using the experimental SSH connection to a Windows host.

My questions are these:

1) Is the ping command supposed to work with the Windows SSH feature? Or am I looking to just make the win_ping module work correctly?

2) Is there something I'm missing in my setup? Or is this possibly a bug I should report on the GitHub?

Thanks! And let me know if I can provide any additional details.

Ansible Version: 2.8

Host Machine: Windows 10 Pro

=============================================================

My hosts file:

[host]

dockerhost ansible_user=TJackwood

[host:vars]

ansible_connection=ssh

ansible_shell_type=cmd

ansible_python_interpreter='C:\Program Files\Python\Python3.6.4'

[dockerContainers]

ansible ansible_connection=local

apache-wls ansible_connection=docker

oracle11g ansible_connection=docker

mock-vadir ansible_connection=docker

alt-idp ansible_connection=docker

=============================================================

My .ssh config file within the Ansible container:

Host *

# disable host key checking: avoid asking for the keyprint authenticity

StrictHostKeyChecking no

UserKnownHostsFile /root/.ssh/known_hosts

#enable hashing known_host file

HashKnownHosts yes

# IdentityFile allows to specify exactly which private key I wish to use for authentification

IdentityFile /root/.ssh/ch33-shared-rsa

Host dockerhost

HostName host.docker.internal

User TJackwood

Port 22

=============================================================

J Hawkesworth

unread,

Jun 13, 2019, 3:25:16 AM6/13/19

to Ansible Project

I'm not sure I fully follow how you are trying to set this up, but windows is not supported for running ansible itself, as stated here: https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html#control-node-requirements

I am out of touch with the latest state of windows support for containers but I think you'd need to run a linux container for the ansible controller. I think that may be possible now with latest versions, but as I say I'm not sure.

Sorry that's probably not what you want to hear. Personally I have used WSL aka 'Bash on Ubuntu on Windows' for some time now and it works just fine for running playbooks from while developing playbooks. I have full blown linux nodes for production ansible runs though.

Jon

Taylor Jackwood

unread,

Jun 13, 2019, 9:13:20 AM6/13/19

to Ansible Project

Hey J,

My initial post may have been a bit confusing: I am running my Ansible controller inside of a Linux container already, and it functions well when I use that Ansible controller container to control other Linux-based environments.

My problem is that my Ansible container is running in Docker on a Windows host machine. I'm attempting to make it so that my Ansible Linux container running in Docker can control my host machine as a Windows-based Ansible Node.

To reiterate from my initial post, I'm opting to try the latest experimental SSH support for controlling Windows-based nodes (WinRM isn't a good fit for us at the moment). I can successfully SSH from my Ansible Linux container to my Windows docker host machine, but I can't seem to get Ansible to successfully ping my Windows host machine.

Hope that clears some confusion,

Thanks!

J Hawkesworth

unread,

Jun 13, 2019, 12:15:58 PM6/13/19

to Ansible Project

The thing that's confused me is that you have set

ansible_python_interpreter='C:\Program Files\Python\Python3.6.4'

which looks like you are trying to use a windows installation of python to run with, and I'm pretty certain that's not going to fly.

Even when you are using ssh to talk to your windows hosts, the modules you will use will still be implemented in powershell.

Hope that helps a bit. I haven't tried the ssh support myself yet, so I'm sorry I can't hel with that part.

Jon

Matthew Davis

unread,

Jun 13, 2019, 1:03:43 PM6/13/19

to Ansible Project

Definitely a bit of a Rube Goldberg setup there, but no reason it shouldn't work. The big problem is that you need to be using the Windows modules to manage the Windows host (eg, win_ping, not ping).

Taylor Jackwood

unread,

Jun 13, 2019, 3:26:33 PM6/13/19

to Ansible Project

win_ping it is, I'll stop messing with ping itself then.

So my question surrounding win_ping still stands, I'm getting a StackOverflowError back after the process hangs for an extended period. Any more insights from anyone before I head over to the github and post it as a possible bug/issue?

Reply all

Reply to author

Forward