"kerberos: HTTPSConnectionPool(host='win-xx.ca.local', port=5986): Max retries exceeded with url: /wsman (Caused by SSLError(SSLError(1, u'[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:618)'),))"
26 vistas
Ir al primer mensaje no leído
Kiran Kumar
2 jun 2020, 2:25:43 a.m.2/6/2020
para Ansible Project
Hello
I am getting error below
"msg": "kerberos: HTTPSConnectionPool(host='win-xx.ca.local', port=5986): Max retries exceeded with url: /wsman (Caused by SSLError(SSLError(1, u'[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:618)'),))",
Details :
ansible 2.9.9
config file = /etc/ansible/ansible.cfg
configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/site-packages/ansible
executable location = /usr/bin/ansible
python version = 2.7.5 (default, Apr 2 2020, 13:16:51) [GCC 4.8.5 20150623 (Red Hat 4.8.5-39)]
root@vm02 : Mon Jun 01 : 23:19:37 : ~ : # cat /etc/redhat-release
CentOS Linux release 7.8.2003 (Core)
root@vm02 : Mon Jun 01 : 23:19:41 : ~ : #
==
Windows is 2019 Server
==
[WARNING]: ansible_winrm_cert_validation unsupported by pywinrm (is an up-to-date version of pywinrm installed?)
WIN-xx.ca.local | UNREACHABLE! => {
"changed": false,
"msg": "kerberos: HTTPSConnectionPool(host='win-xx.ca.local', port=5986): Max retries exceeded with url: /wsman (Caused by SSLError(SSLError(1, u'[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:618)'),))",
"unreachable": true
}
==
windows]
WIN-xx.ca.local
[windows:vars]
ansible_user=Admini...@CA.LOCAL
ansible_connection=winrm
ansible_port=5986
ansible_winrm_transport=kerberos
ansible_winrm_cert_validation=ignore
ansible_password='xx##'
ansible_winrm_scheme=https
==
on windows i did ran
$file = "$env:temp\ConfigureRemotingForAnsible.ps1"
(New-Object -TypeName System.Net.WebClient).DownloadFile($url, $file)
powershell.exe -ExecutionPolicy ByPass -File $file
winrm enumerate winrm/config/Listener
==
PS C:\Users\Administrator> winrm enumerate winrm/config/Listener
Listener
Address = *
Transport = HTTP
Port = 5985
Hostname
Enabled = true
URLPrefix = wsman
CertificateThumbprint
ListeningOn = 127.0.0.1, 192.168.1.103, ::1, 2600:1700:bad0:7ec0:19a4:b093:241e:49f, fe80::5efe:192.168.1.103%3, fe8
0::ffff:ffff:fffe%4, fe80::19a4:b093:241e:49f%6
Listener
Address = *
Transport = HTTPS
Port = 5986
Hostname = WIN-xx
Enabled = true
URLPrefix = wsman
CertificateThumbprint = E2958107C8382D739C8926EE25CC750B6FB4A080
ListeningOn = 127.0.0.1, 192.168.1.103, ::1, 2600:1700:bad0:7ec0:19a4:b093:241e:49f, fe80::5efe:192.168.1.103%3, fe8
0::ffff:ffff:fffe%4, fe80::19a4:b093:241e:49f%6
PS C:\Users\Administrator>
===
i tried
pip uninstall pywinrm
pip install "pywinrm>=0.3.0"
DEPRECATION: Python 2.7 reached the end of its life on January 1st, 2020. Please upgrade your Python as Python 2.7 is no longer maintained. pip 21.0 will drop support for Python 2.7 in January 2021. More details about Python 2 support in pip, can be found at https://pip.pypa.io/en/latest/development/release-process/#python-2-support
sh: warning: setlocale: LC_ALL: cannot change locale (C.UTF-8)
Collecting pywinrm>=0.3.0
Using cached pywinrm-0.4.1.tar.gz (36 kB)
Requirement already satisfied: xmltodict in /usr/lib/python2.7/site-packages (from pywinrm>=0.3.0) (0.12.0)
Requirement already satisfied: requests>=2.9.1 in /usr/lib/python2.7/site-packages (from pywinrm>=0.3.0) (2.23.0)
Requirement already satisfied: requests_ntlm>=0.3.0 in /usr/lib/python2.7/site-packages (from pywinrm>=0.3.0) (1.1.0)
Requirement already satisfied: six in /usr/lib/python2.7/site-packages (from pywinrm>=0.3.0) (1.9.0)
Requirement already satisfied: certifi>=2017.4.17 in /usr/lib/python2.7/site-packages (from requests>=2.9.1->pywinrm>=0.3.0) (2020.4.5.1)
Requirement already satisfied: urllib3!=1.25.0,!=1.25.1,<1.26,>=1.21.1 in /usr/lib/python2.7/site-packages (from requests>=2.9.1->pywinrm>=0.3.0) (1.25.9)
Requirement already satisfied: idna<3,>=2.5 in /usr/lib/python2.7/site-packages (from requests>=2.9.1->pywinrm>=0.3.0) (2.9)
Requirement already satisfied: chardet<4,>=3.0.2 in /usr/lib/python2.7/site-packages (from requests>=2.9.1->pywinrm>=0.3.0) (3.0.4)
Requirement already satisfied: cryptography>=1.3 in /usr/lib64/python2.7/site-packages (from requests_ntlm>=0.3.0->pywinrm>=0.3.0) (1.7.2)
Requirement already satisfied: ntlm-auth>=1.0.2 in /usr/lib/python2.7/site-packages (from requests_ntlm>=0.3.0->pywinrm>=0.3.0) (1.4.0)
Requirement already satisfied: pyasn1>=0.1.8 in /usr/lib/python2.7/site-packages (from cryptography>=1.3->requests_ntlm>=0.3.0->pywinrm>=0.3.0) (0.1.9)
Requirement already satisfied: setuptools in /usr/lib/python2.7/site-packages (from cryptography>=1.3->requests_ntlm>=0.3.0->pywinrm>=0.3.0) (0.9.8)
Requirement already satisfied: enum34 in /usr/lib/python2.7/site-packages (from cryptography>=1.3->requests_ntlm>=0.3.0->pywinrm>=0.3.0) (1.0.4)
Requirement already satisfied: ipaddress in /usr/lib/python2.7/site-packages (from cryptography>=1.3->requests_ntlm>=0.3.0->pywinrm>=0.3.0) (1.0.16)
Requirement already satisfied: cffi>=1.4.1 in /usr/lib64/python2.7/site-packages (from cryptography>=1.3->requests_ntlm>=0.3.0->pywinrm>=0.3.0) (1.6.0)
Requirement already satisfied: pycparser in /usr/lib/python2.7/site-packages (from cffi>=1.4.1->cryptography>=1.3->requests_ntlm>=0.3.0->pywinrm>=0.3.0) (2.14)
Using legacy setup.py install for pywinrm, since package 'wheel' is not installed.
Installing collected packages: pywinrm
Running setup.py install for pywinrm ... done
Successfully installed pywinrm-0.4.1
==
still no luck
Any suggestion Please ?
thanks
Jordan Borean
2 jun 2020, 3:49:08 a.m.2/6/2020
para Ansible Project
The key you want to use is ‘ansible_winrm_server_cert_validation’, you were missing the server part https://docs.ansible.com/ansible/latest/user_guide/windows_winrm.html#https-certificate-validation.
Kiran Kumar
2 jun 2020, 4:18:34 a.m.2/6/2020
para Ansible Project
Thanks ! that was it
Nice catch ...
Responder a todos
Responder al autor
Reenviar
0 mensajes nuevos