Ansible installed from yum is unable to connect to windows while Ansible installed via source file is working fine from the same host

344 views
Skip to first unread message

ishan jain

unread,
Sep 1, 2016, 6:13:02 AM9/1/16
to Ansible Project
I am making some centOS based docker containers to be used as Ansible host. Initially, i created a container and installed Ansible from source files. To connect to windows hosts, i installed some modules as and when required. (honestly, i am not sure what all modules i installed)

Now i created another similar docker container only that i installed Ansible and other things via yum, all latest versions. The scripts for linux hosts works fine but the scripts for windows which are working on same host (and same target windows machine) are not working in this new container. Below is the error i get for setup module.


Loaded callback minimal of type stdout, v2.0
<10.10.10.10> ESTABLISH WINRM CONNECTION FOR USER: test on PORT 5986 TO 10.10.10.10
<10.10.10.10> WINRM CONNECT: transport=ssl endpoint=https://10.10.10.10:5986/wsman
<10.10.10.10> WINRM CONNECTION ERROR: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:765)
Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/ansible/plugins/connection/winrm.py", line 151, in _winrm_connect
    self.shell_id = protocol.open_shell(codepage=65001) # UTF-8
  File "/usr/lib/python2.7/site-packages/winrm/protocol.py", line 132, in open_shell
    res = self.send_message(xmltodict.unparse(req))
  File "/usr/lib/python2.7/site-packages/winrm/protocol.py", line 207, in send_message
    return self.transport.send_message(message)
  File "/usr/lib/python2.7/site-packages/winrm/transport.py", line 173, in send_message
    response = self.session.send(prepared_request, timeout=self.read_timeout_sec)
  File "/usr/lib/python2.7/site-packages/requests/sessions.py", line 596, in send
    r = adapter.send(request, **kwargs)
  File "/usr/lib/python2.7/site-packages/requests/adapters.py", line 497, in send
    raise SSLError(e, request=request)
SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:765)

windows1 | UNREACHABLE! => {
    "changed": false,
    "msg": "ssl: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:765)",
    "unreachable": true
}

J Hawkesworth

unread,
Sep 1, 2016, 9:30:10 AM9/1/16
to Ansible Project
to get round that issue you need to set

ansible_winrm_server_cert_validation: ignore

In your inventory / group vars

its documented here:


Hope this helps,

Jon

ishan jain

unread,
Sep 2, 2016, 6:29:55 AM9/2/16
to Ansible Project
Thanks, this works.

What i do not understand is why does it work ? Is this something that i will have to put in my inventory files always now ?
Reply all
Reply to author
Forward
0 new messages