Developing Ansible Pipeline for (Window) shared netwrok
40 views
Skip to first unread message
benktes...@gmail.com
Apr 25, 2019, 3:12:34 PM4/25/19
to Ansible Development
Hi,
I have a requirement where the deployment file has to be copied to a window shared network. Jenkins slave is running on Linux server.
We are developing Ansible Playbook to achieve this.
I need help on below points to develop the playbook-
1. How can i connect to the target server(window network)? We already have WINRM enabled to the server. Please find below the Site.yml file-
Site.yml
---
- name: Copy files to IIS SERVER
hosts: "{{ group }}"
connection: local
- name: Copy files to IIS SERVER
hosts: "{{ group }}"
connection: local
vars_files:
- "{{ vars_file }}"
- "{{ vault_file }}"
- "{{ vars_file }}"
- "{{ vault_file }}"
roles:
- { role: copy_files, tags: ["copy_files"]}
- { role: copy_files, tags: ["copy_files"]}
My question here is, what would be the value of "connection" parameter?
Hosts are defined in attached hosts.ini file. Find the attached env directory which has hosts.ini file. This also has Test_components folder which has vars_file(which contains service account which is used to connect to the target server, target path and ansible parameters) and vault file.
I am also attaching playbook(playbook_test_package_deploy) file which contains site.yml and roles.
My other question is regarding the tasks(main.yml files under playbook folder, roles--> Copy_files--> tasks). this main.yml task is responsible to perform copy file operation to the target shared network. What would be the command which would copy the files to shared network?
Suppose below is the server details-
server - test1234p
shared folder location - \\test1234p\TEST_STUFF\TEST_DEPLOY\
Do i need to create a mapped drive first for above shared folder location using win command then access the path to copy the files?
Thank you!
jhawkesworth
May 2, 2019, 9:09:56 AM5/2/19
to Ansible Development
Hi,
You have a few options for copying files onto a windows file share, although copying to a remotely-mounted file share requires delegated authentication to get around the 'second hop' which windows defaults to not allowing (ansible - windows machine being 1 hop and windows machine to machine hosting the shared drive being a second hop) - see https://docs.ansible.com/ansible/latest/user_guide/windows_winrm.html#authentication-options and https://docs.ansible.com/ansible/latest/user_guide/windows_winrm.html#limitations if that applies to your situation.
I'd recommend you work through this documentation https://docs.ansible.com/ansible/latest/user_guide/windows.html
You have a few options for copying files onto a windows file share, although copying to a remotely-mounted file share requires delegated authentication to get around the 'second hop' which windows defaults to not allowing (ansible - windows machine being 1 hop and windows machine to machine hosting the shared drive being a second hop) - see https://docs.ansible.com/ansible/latest/user_guide/windows_winrm.html#authentication-options and https://docs.ansible.com/ansible/latest/user_guide/windows_winrm.html#limitations if that applies to your situation.
If you have access to the machine that is hosting the share you can use the win_copy module https://docs.ansible.com/ansible/latest/modules/win_copy_module.html.
This can be slow if you have large files to transfer.
Another option is to use shell or command to run 'smbclient'. This might be a good option if the source files are on your ansible controller. You might need to use 'no_log: true' to protect the password for the shared drive.
To connect to your windows hosts, you would need to remove the 'connection:local' line from your playbook and add the windows machine to a group which is configured to use winrm to connect (instead of using default ssh connection type). If you just have 1 windows host you can use host_vars instead of group_vars. The relevant settings are documented here: https://docs.ansible.com/ansible/latest/user_guide/windows_winrm.html#inventory-options
Hope this helps,
Jon
Benktesh Kumar
May 20, 2019, 11:41:06 AM5/20/19
to Ansible Development
Hi Jon,
Thanks for your input.
User(Service account) is now having access to the machine that's hosting the shared drive. WINRM has been enabled to the target server with CREDSSP authentication. connection has been updated from local to a group.
However now the pipeline is failing while connecting to the target server and it's giving below error-
TASK [Gathering Facts]********************************************************
fatal: [ test1234p ]: UNREACHABLE! => {"changed": false, "msg": "credssp: The server did not response with a CredSSP token, auth rejected", "unreachable": true}
I have validated below points so far-
1. Service account is working fine and connecting to the target server when tried manually.
2. WINRM is up and running fine and they have remote access. Below commands have been executed to validate this-
Winrm get winrm/config/service
winrm quickconfig
3. Validated the listener and it looks good too. Below commands were use to verify this-
winrm e winrm/config/Listener
4. The server is listening to port 5986 for HTTPS (i am using https ).
5. PS-Remoting has been enabled for port 5986.
6. It has been verified that powershell4.0 is running on destination server.
Target server is 2008 server.
Could you please let me know what else can i validate now? Do i need to validate something for Ansible setup as well? Not sure if something needs to be validated on server as well?
Note- I have build a pipeline for IIS servers(which is 2012 R2 server) and using the same concept but it's working fine. The only difference is the service account.
Regards,
Benktesh Kumar
Reply all
Reply to author
Forward
0 new messages