Kerberos auth failure: kinit: Password incorrect while getting initial credentials
1,772 views
Skip to first unread message
Jonay Herrera y Steendam
Apr 12, 2018, 11:38:31 AM4/12/18
to AWX Project
hi,
I am new with awx and try for a project to use awx. I have installed awx on openshift and it is running. but when I try to launch a job to a windows server I have this error:
{
"msg": "Kerberos auth failure: kinit: Password incorrect while getting initial credentials",
"unreachable": true,
"changed": false
}
when I look the awx pod throught the terminal, I see this packages already installed :
sh-4.2$ rpm -qa |grep krb
krb5-workstation-1.15.1-8.el7.x86_64
krb5-libs-1.15.1-8.el7.x86_64
do I need to configure more to have a connection with the windows server ?
more info implementation awx on openshift:
7514756@s51lv02:~ $ oc project awx
Now using project "awx" on server "https://ocp3-191.cmcdev.be:8443".
7514756@s51lv02:~ $ oc get pods
NAME READY STATUS RESTARTS AGE
awx-1989311464-xvmgb 4/4 Running 0 21d
etcd-3061249660-bm4jp 1/1 Running 0 21d
postgresql-5-2hx4j 1/1 Running 0 21d
7514756@s51lv02:~ $ oc describe pod awx-1989311464-xvmgb
Name: awx-1989311464-xvmgb
Namespace: awx
Node: s51lv0m.cmcdev.be/10.151.189.11
Start Time: Thu, 22 Mar 2018 12:51:34 +0100
Labels: name=awx-web-deploy
pod-template-hash=1989311464
service=django
Annotations: kubernetes.io/created-by={"kind":"SerializedReference","apiVersion":"v1","reference":{"kind":"ReplicaSet","namespace":"awx","name":"awx-1989311464","uid":"cb352e83-2214-11e8-ba7a-005056beeb06","apiVer...
openshift.io/scc=restricted
Status: Running
IP: 10.130.3.121
Created By: ReplicaSet/awx-1989311464
Controlled By: ReplicaSet/awx-1989311464
Containers:
awx-web:
Container ID: docker://15e7ce771e2eae6347a74412160e541de963ec2909bdec688c1ac1633110f05f
Image: ansible/awx_web:latest
Image ID: docker-pullable://docker.io/ansible/awx_web@sha256:cd597f5d548924224ddd2dd32a2dc0e77776bd347e490bf7bdbdd4a240df02bd
Port: 8052/TCP
State: Running
Started: Thu, 22 Mar 2018 12:52:16 +0100
Ready: True
Restart Count: 0
Environment: <none>
Mounts:
/etc/tower from awx-application-config (rw)
/var/run/secrets/kubernetes.io/serviceaccount from default-token-27d1v (ro)
awx-celery:
Container ID: docker://8e7be8dbd6aece45ca47bdd7c55f9f7b00ddbd7144e7152d4ca586d719832112
Image: ansible/awx_task:latest
Image ID: docker-pullable://docker.io/ansible/awx_task@sha256:2515fc2577c9a94ddc3e5418aa8865bcb018bfa4fde036006f425bdaec431b91
Port: <none>
State: Running
Started: Thu, 22 Mar 2018 12:52:23 +0100
Ready: True
Restart Count: 0
Environment:
DATABASE_USER: awx
DATABASE_NAME: awx
DATABASE_HOST: postgresql
DATABASE_PORT: 5432
DATABASE_PASSWORD: awxpass
MEMCACHED_HOST: localhost
RABBITMQ_HOST: localhost
AWX_ADMIN_USER: admin
AWX_ADMIN_PASSWORD: password
Mounts:
/etc/tower from awx-application-config (rw)
/var/run/secrets/kubernetes.io/serviceaccount from default-token-27d1v (ro)
awx-rabbit:
Container ID: docker://c6f9e8c9ecaa9d61f017934d92d02c39814e1467ea0813368f6c1faf5889057a
Image: ansible/awx_rabbitmq:3.6.14
Image ID: docker-pullable://docker.io/ansible/awx_rabbitmq@sha256:e0270de0b7fe504c12709cc3cab299a515f12e61618573337e40fa58dafe07ee
Port: <none>
State: Running
Started: Thu, 22 Mar 2018 12:52:33 +0100
Ready: True
Restart Count: 0
Environment:
MY_POD_IP: (v1:status.podIP)
RABBITMQ_USE_LONGNAME: true
RABBITMQ_ERLANG_COOKIE: cookiemonster
RABBITMQ_NODENAME: rabbit@$(MY_POD_IP)
AUTOCLUSTER_TYPE: etcd
AUTOCLUSTER_DELAY: 60
ETCD_HOST: etcd
AUTOCLUSTER_CLEANUP: true
CLEANUP_WARN_ONLY: false
CLEANUP_INTERVAL: 30
RABBITMQ_DEFAULT_USER: awx
RABBITMQ_DEFAULT_PASS: abcdefg
RABBITMQ_DEFAULT_VHOST: awx
RABBITMQ_CONFIG_FILE: /etc/rabbitmq/rabbitmq
Mounts:
/var/run/secrets/kubernetes.io/serviceaccount from default-token-27d1v (ro)
awx-memcached:
Container ID: docker://c276b8bc49ddf35e41a447355045fb276eefd24d611c45781c4c0888bc0ed86e
Image: memcached
Image ID: docker-pullable://docker.io/memcached@sha256:919b596677661335c729cb3918b2a997779259028c1793db2a373e18e52a5507
Port: <none>
State: Running
Started: Thu, 22 Mar 2018 12:52:41 +0100
Ready: True
Restart Count: 0
Environment: <none>
Mounts:
/var/run/secrets/kubernetes.io/serviceaccount from default-token-27d1v (ro)
Conditions:
Type Status
Initialized True
Ready True
PodScheduled True
Volumes:
awx-application-config:
Type: ConfigMap (a volume populated by a ConfigMap)
Name: awx-config
Optional: false
default-token-27d1v:
Type: Secret (a volume populated by a Secret)
SecretName: default-token-27d1v
Optional: false
QoS Class: BestEffort
Node-Selectors: purpose=work
Tolerations: <none>
Events: <none>
7514756@s51lv02:~ $
more info about the ansible job:
ansible-playbook 2.4.3.0
config file = /etc/ansible/ansible.cfg
configured module search path = [u'/var/lib/awx/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/site-packages/ansible
executable location = /usr/bin/ansible-playbook
python version = 2.7.5 (default, Aug 4 2017, 00:39:18) [GCC 4.8.5 20150623 (Red Hat 4.8.5-16)]
Using /etc/ansible/ansible.cfg as config file
SSH password:
setting up inventory plugins
Parsed /tmp/awx_26_ho_vZ0/tmpgZOzUM inventory source with script plugin
Loading callback plugin awx_display of type stdout, v2.0 from /usr/lib/python2.7/site-packages/awx/lib/awx_display_callback/module.pyc
PLAYBOOK: name-generator.yml ***************************************************
1 plays in name-generator.yml
PLAY [name generator] **********************************************************
16:59:24
TASK [Gathering Facts] *********************************************************
16:59:24
Using module file /usr/lib/python2.7/site-packages/ansible/modules/windows/setup.ps1
<s51w40s.cmctst.be> ESTABLISH WINRM CONNECTION FOR USER: 7513981adm@CMCTST.BE on PORT 5986 TO s51w40s.cmctst.be
checking if winrm_host s51w40s.cmctst.be is an IPv6 address
creating Kerberos CC at /tmp/tmp0kfp4X
calling kinit for principal 7513981adm@CMCTST.BE
fatal: [s51w40s.cmctst.be]: UNREACHABLE! => {
"changed": false,
"msg": "Kerberos auth failure: kinit: Password incorrect while getting initial credentials",
"unreachable": true
}
PLAY RECAP *********************************************************************
16:59:24
s51w40s.cmctst.be : ok=0 changed=0 unreachable=1 failed=0
thanks in advance,
Jonay
Jacob Jackson
Apr 12, 2018, 2:17:30 PM4/12/18
to AWX Project
hi jonay,
has the host machine (the machine you wish to control) been prepped for use with ansible? there are a few things you have to do to use ansible with windows. more can be found here: http://docs.ansible.com/ansible/latest/user_guide/windows_setup.html#winrm-setup. I am thinking specifically about the configuration of WinRM on the host.
if it has been, we can dive a little deeper.
regards,
jake
Jonay Herrera y Steendam
Apr 12, 2018, 5:12:49 PM4/12/18
to Jacob Jackson, AWX Project
Hi Jake,
Yes, the host windos machine is full configured to be managed by ansible. This I have already test it with Ansible Tower (pay version), but I want to use awx for our non-production enviroments Tower is too expensive for non production enviroments en tests
Thanks for your quick feedback !
Kind regards,
Jonay
--
You received this message because you are subscribed to a topic in the Google Groups "AWX Project" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/awx-project/rDWa_n0VyBw/unsubscribe.
To unsubscribe from this group and all its topics, send an email to awx-project...@googlegroups.com.
To post to this group, send email to awx-p...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/awx-project/3c430308-9e66-41c7-bfa4-f14fb9cd5f54%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
dnc92301
Jun 13, 2018, 7:58:09 AM6/13/18
to AWX Project
Jonay- were you able to do a kinit to obtain a ticket . How is your krb5.conf configured ?
Reply all
Reply to author
Forward
0 new messages