Some Ansible Windows winrm variables doesn't seems to be use

[Julien Savard]

Hi,

It seems ansible does not use the variables in /etc/ansible/hosts for winrm connection :

In /etc/ansible/hosts : 

[windows]

10.10.10.10

[windows:vars]

ansible_user=WindowsUser

ansible_password=UserPassword

ansible_winrm_scheme=http

ansible_port=5985

ansible_connection=winrm

ansible_winrm_server_cert_validation=ignore

[root@linuxServer ~]# ansible windows -m win_ping

10.10.10.10 | FAILED => Traceback (most recent call last):

  File "/usr/lib/python2.7/site-packages/ansible/runner/__init__.py", line 586, in _executor

    exec_rc = self._executor_internal(host, new_stdin)

  File "/usr/lib/python2.7/site-packages/ansible/runner/__init__.py", line 789, in _executor_internal

    return self._executor_internal_inner(host, self.module_name, self.module_args, inject, port, complex_args=complex_args)

  File "/usr/lib/python2.7/site-packages/ansible/runner/__init__.py", line 968, in _executor_internal_inner

    conn = self.connector.connect(actual_host, actual_port, actual_user, actual_pass, actual_transport, actual_private_key_file, delegate_host)

  File "/usr/lib/python2.7/site-packages/ansible/runner/connection.py", line 52, in connect

    self.active = conn.connect()

  File "/usr/lib/python2.7/site-packages/ansible/runner/connection_plugins/winrm.py", line 140, in connect

    self.protocol = self._winrm_connect()

  File "/usr/lib/python2.7/site-packages/ansible/runner/connection_plugins/winrm.py", line 94, in _winrm_connect

    realm=realm)

  File "/usr/lib/python2.7/site-packages/winrm/protocol.py", line 68, in __init__

    auth_method=transport)

  File "/usr/lib/python2.7/site-packages/winrm/transport.py", line 109, in __init__

    raise InvalidCredentialsError("auth method %s requires a password" % self.auth_method)

InvalidCredentialsError: auth method plaintext requires a password

[root@linuxServer ~]# ansible windows -m win_ping -k

SSH password:

10.10.10.10 | FAILED => Traceback (most recent call last):

  File "/usr/lib/python2.7/site-packages/ansible/runner/__init__.py", line 586, in _executor

    exec_rc = self._executor_internal(host, new_stdin)

  File "/usr/lib/python2.7/site-packages/ansible/runner/__init__.py", line 789, in _executor_internal

    return self._executor_internal_inner(host, self.module_name, self.module_args, inject, port, complex_args=complex_args)

  File "/usr/lib/python2.7/site-packages/ansible/runner/__init__.py", line 968, in _executor_internal_inner

    conn = self.connector.connect(actual_host, actual_port, actual_user, actual_pass, actual_transport, actual_private_key_file, delegate_host)

  File "/usr/lib/python2.7/site-packages/ansible/runner/connection.py", line 52, in connect

    self.active = conn.connect()

  File "/usr/lib/python2.7/site-packages/ansible/runner/connection_plugins/winrm.py", line 140, in connect

    self.protocol = self._winrm_connect()

  File "/usr/lib/python2.7/site-packages/ansible/runner/connection_plugins/winrm.py", line 96, in _winrm_connect

    protocol.send_message('')

  File "/usr/lib/python2.7/site-packages/winrm/protocol.py", line 207, in send_message

    return self.transport.send_message(message)

  File "/usr/lib/python2.7/site-packages/winrm/transport.py", line 173, in send_message

    response = self.session.send(prepared_request, timeout=self.read_timeout_sec)

  File "/usr/lib/python2.7/site-packages/requests/sessions.py", line 585, in send

    r = adapter.send(request, **kwargs)

  File "/usr/lib/python2.7/site-packages/requests/adapters.py", line 467, in send

    raise ConnectionError(e, request=request)

ConnectionError: HTTPSConnectionPool(host='10.10.10.10', port=5986): Max retries exceeded with url: /wsman (Caused by NewConnectionError('<requests.packages.urllib3.connection.VerifiedHTTPSConnection object at 0x2177750>: Failed to establish a new connection: [Errno 111] Connection refused',))

Even forcing it in command line doesn't seem to work :

[root@linuxServer ~]# ansible windows -m win_ping -e ansible_winrm_scheme=http -e ansible_port=5985 -k

SSH password:

10.10.10.10 | FAILED => Traceback (most recent call last):

  File "/usr/lib/python2.7/site-packages/ansible/runner/__init__.py", line 586, in _executor

    exec_rc = self._executor_internal(host, new_stdin)

  File "/usr/lib/python2.7/site-packages/ansible/runner/__init__.py", line 789, in _executor_internal

    return self._executor_internal_inner(host, self.module_name, self.module_args, inject, port, complex_args=complex_args)

  File "/usr/lib/python2.7/site-packages/ansible/runner/__init__.py", line 968, in _executor_internal_inner

    conn = self.connector.connect(actual_host, actual_port, actual_user, actual_pass, actual_transport, actual_private_key_file, delegate_host)

  File "/usr/lib/python2.7/site-packages/ansible/runner/connection.py", line 52, in connect

    self.active = conn.connect()

  File "/usr/lib/python2.7/site-packages/ansible/runner/connection_plugins/winrm.py", line 140, in connect

    self.protocol = self._winrm_connect()

  File "/usr/lib/python2.7/site-packages/ansible/runner/connection_plugins/winrm.py", line 96, in _winrm_connect

    protocol.send_message('')

  File "/usr/lib/python2.7/site-packages/winrm/protocol.py", line 207, in send_message

    return self.transport.send_message(message)

  File "/usr/lib/python2.7/site-packages/winrm/transport.py", line 173, in send_message

    response = self.session.send(prepared_request, timeout=self.read_timeout_sec)

  File "/usr/lib/python2.7/site-packages/requests/sessions.py", line 585, in send

    r = adapter.send(request, **kwargs)

  File "/usr/lib/python2.7/site-packages/requests/adapters.py", line 467, in send

    raise ConnectionError(e, request=request)

ConnectionError: HTTPSConnectionPool(host='10.10.10.10', port=5986): Max retries exceeded with url: /wsman (Caused by NewConnectionError('<requests.packages.urllib3.connection.VerifiedHTTPSConnection object at 0x2c04650>: Failed to establish a new connection: [Errno 111] Connection refused',))

So it seems neither ansible_password nor ansible_port was used but ansible_connection=winrm seems to be used...

Is it something I did not configured right or some kind of bug ?

Before you ask : 

Linux server is configured with Kerberos and working.

port 5986 is not enabled on Windows server.

[J Hawkesworth]

Which version of ansible are you using?  The variable names changed between 1.9.x and 2.x - looks like you are using the variable names that will work with ansible 2.x 

I have 2.0.0.2 and 2.1.0.0 both working fine against windows hosts, but I always put the winrm connection settings in my /etc/ansible/group_vars/

Hope this helps,

Jon

[Googly Googly]

Hi,

I am facing exactly same issue. Did you find solution to this? It was giving me another issue till y'day and since this morning when I restarted my Linux VM. I started getting this issue.

Thanks,

[Matt Davis]

There was a late change to 2.1.0 that broke psuedo-connection vars (eg, ansible_winrm_X) defined in group_vars files, preventing them from propagating correctly into the worker process (where flat inventory files worked fine). It's been corrected for 2.1.1 (currently in release candidate). 

[Googly Googly]

Just did upgrade to 2.1.1.0 still facing the same issue:

Loaded callback minimal of type stdout, v2.0

<10.10.32.29> ESTABLISH WINRM CONNECTION FOR USER: amitag on PORT 5985 TO 10.10.32.29

10.10.32.29 | UNREACHABLE! => {

    "changed": false,

    "msg": "plaintext: HTTPConnectionPool(host='10.10.32.29', port=5985): Max retries exceeded with url: /wsman (Caused by ConnectTimeoutError(<requests.packages.urllib3.connection.HTTPConnection object at 0x33bc790>, 'Connection to 10.10.32.29 timed out. (connect timeout=30)'))",

    "unreachable": true

[J Hawkesworth]

So that's a connection timeout.  Is there a firewall between your ansible controller and the windows box?

Did you run the configure for remoting .ps1 script on the windows node to set up winrm for ansible?

Can you traceroute to 10.10.32.29 from your ansible box?

Jon

[Googly Googly]

Thanks - resolved. Somehow the service was stopped :(.

[parthasarathy rajagopal]

What was the Fix you made. Which service was stopped.?