Problems getting linux-controller for windows working

170 views
Skip to first unread message

Benjamin Loehner

unread,
Apr 13, 2016, 9:06:01 AM4/13/16
to Ansible Project
Hi,

i followed the instructions at http://docs.ansible.com/ansible/intro_windows.html to set up a control machine but it won't work. I the set up a second machine, following these instructions http://darrylcauldwell.com/how-to-setup-an-ansible-test-lab-for-windows-managed-nodes-custom-windows-modules/.

The funny thing is, both react the same way:

root@XX-WEB01:~# ansible all -m setup -vvv
<xxx.xxx.xxx.xxx> ESTABLISH WINRM CONNECTION FOR USER: root on PORT 5986 TO xxx.xxx.xxx.xxx
xxx.xxx.xxx.xxx | FAILED => Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/ansible/runner/__init__.py", line 561, in _executor
    exec_rc = self._executor_internal(host, new_stdin)
  File "/usr/lib/python2.7/dist-packages/ansible/runner/__init__.py", line 666, in _executor_internal
    return self._executor_internal_inner(host, self.module_name, self.module_args, inject, port, complex_args=complex_args)
  File "/usr/lib/python2.7/dist-packages/ansible/runner/__init__.py", line 837, in _executor_internal_inner
    conn = self.connector.connect(actual_host, actual_port, actual_user, actual_pass, actual_transport, actual_private_key_file)
  File "/usr/lib/python2.7/dist-packages/ansible/runner/connection.py", line 34, in connect
    self.active = conn.connect()
  File "/usr/lib/python2.7/dist-packages/ansible/runner/connection_plugins/winrm.py", line 132, in connect
    self.protocol = self._winrm_connect()
  File "/usr/lib/python2.7/dist-packages/ansible/runner/connection_plugins/winrm.py", line 71, in _winrm_connect
    cache_key = '%s:%s@%s:%d' % (self.user, hashlib.md5(self.password).hexdigest(), self.host, port)
TypeError: must be string or buffer, not None

Both machines are running Debian (3.16.0-4-amd64 #1 SMP Debian 3.16.7-ckt25-2 (2016-04-08) x86_64 GNU/Linux), the target is a 2012R2. To be honest, i'm a linux newbie and i didn't understand
everything in the manuals.

Kevin Foster

unread,
Apr 20, 2016, 3:34:50 PM4/20/16
to Ansible Project
It looks like it is trying user root to connect to your windows machine.

I use a local user to connect to my windows systems.  I have a setup systems named veeam in my hosts file.  I then setup /etc/ansible/group_vars/veeam.yml.  In this file I have:

ansible_user: localuser
ansible_password: localuserspassword
ansible_port: 5986
ansible_connection: winrm
ansible_winrm_server_cert_validation: ignore

Then I would run.
ansible veeam -m setup -vvv

and it will automatically use the group_vars/veeam.yml settings to access my veeam windows hosts.

You can see the example in the link you entered above: http://docs.ansible.com/ansible/intro_windows.html#inventory  see the "In group_vars..." section.

Matt Davis

unread,
Apr 21, 2016, 6:41:56 PM4/21/16
to Ansible Project
The traceback looks like you're using Ansible 1.9 (or older)- the docs you reference are for 2.0+ (though have 1.9-specific stuff called out throughout). I'd guess you need to set ansible_ssh_user/ansible_ssh_pass in your inventory (where you're probably using the 2.0 keys ansible_user and ansible_password).

Benjamin Loehner

unread,
Apr 28, 2016, 6:33:54 AM4/28/16
to Ansible Project
Yes, you were right, thank you! I used apt-get and this installs an antique version of ansible. I solved that problem and just ran into the next wall.

<srv-vm-2012r2.TEST.LOCAL> ESTABLISH WINRM CONNECTION FOR USER: ans...@TEST.LOCAL on PORT 5986 TO srv-vm-2012r2.TEST.LOCAL
srv-vm-2012r2.TEST.LOCAL | UNREACHABLE! => {
    "changed": false,
    "msg": "kerberos: 'ascii' codec can't decode byte 0xc3 in position 12: ordinal not in range(128), ssl: 'ascii' codec can't decode byte 0xc3 in position 12: ordinal not in range(128)",
    "unreachable": true
}

Sorry to bother you again, but as i said i'm a newbie and nothing works as shown in the how-tos, pretty frustrating.

J Hawkesworth

unread,
Apr 28, 2016, 7:41:15 AM4/28/16
to Ansible Project
Hey,

Do you have an activity directory domain called 'TEST.LOCAL' or are you attempting to connect as a local user called ansible (which has been created in the users and groups panel on the target windows box)?

I think if you are trying to use a local user, drop the @TEST.LOCAL bit from your username.

Also did you run the ConfigureRemotingForAnsible.ps1 script on the target windows box?

Not seen that specific error before - I wonder if you have a non-ascii character in your configuration vars somewhere.  If the above doesn't help I'd suggest using od -cx on your inventory / group_vars to see if there are any characters outside ascii range.

Hope this helps.

Jon

Benjamin Loehner

unread,
Apr 28, 2016, 8:27:27 AM4/28/16
to Ansible Project
Hi Jon,

i actually have a domain called test.local with a user called ansible. I did it, like it was described in Link 1 and Link 2.
Yes, i ran the script, but it only says powershell 3.0 is already installed.

My hosts-file looks like this:

[windows]
srv-vm-2012r2.TEST.LOCAL

[windows:vars]
ansible_user = ans...@TEST.LOCAL
ansible_connection = winrm
ansible_port = 5986

And this is my krb5.conf:

[libdefaults]
        default_realm = TEST.LOCAL

[realms]
        TEST.LOCAL = {
                kdc = srv-vm-2012r2.test.local
                default_domain = test.local
                kpasswd_server = srv-vm-2012r2.test.local
        }
[domain_realm]
        .test.local = TEST.LOCAL

If i do a kinit, it accepts my pass and returns this on klist:

root@BL-Ansible:~/ansible/hacking# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: ans...@TEST.LOCAL

Valid starting       Expires              Service principal
28.04.2016 11:32:37  28.04.2016 21:32:37  krbtgt/TEST....@TEST.LOCAL
        renew until 29.04.2016 11:32:34
28.04.2016 11:41:36  28.04.2016 21:32:37  HTTP/srv-vm-2012r...@TEST.LOCAL
        renew until 29.04.2016 11:32:34

But there appeared something (red text) new:

root@BL-Ansible:~/ansible/hacking# ansible windows -m setup -vvv
No config file found; using defaults
<srv-vm-2012r2.TEST.LOCAL> ESTABLISH WINRM CONNECTION FOR USER: ansible on PORT 5986 TO srv-vm-2012r2.TEST.LOCAL
srv-vm-2012r2.TEST.LOCAL | UNREACHABLE! => {
    "changed": false,
    "msg": "ssl: 'ascii' codec can't decode byte 0xc3 in position 12: ordinal not in range(128)",
    "unreachable": true
}



And what do you mean with "-cx on your inventory / group_vars "? Always remember, i'm a linux n00b :)

J Hawkesworth

unread,
Apr 28, 2016, 12:43:30 PM4/28/16
to Ansible Project

The new bit is probably because you aren't running from a folder where there's an ansible.cfg file
if you cd to /etc/ansible (or wherever you keep your ansible.cfg) then that will go away.

My guess would be you aren't picking up the python-kerberos library

If you run python and then enter the following 

import kerberos

do you get

'ImportError: No module named kerberos'

If so you need to install the python-kerberos lib, probably like this

pip install kerberos

Hope this helps,

Jon
28.04.2016 11:41:36  28.04.2016 21:32:37  HTTP/srv-vm-2012r2.test.lo...@TEST.LOCAL
        renew until 29.04.2016 11:32:34

Bluesky

unread,
Jul 13, 2017, 2:00:21 PM7/13/17
to Ansible Project

Is there a solution to this problem? Must reduce the version of ansible?

在 2016年4月13日星期三 UTC+8下午9:06:01,Benjamin Loehner写道:
Reply all
Reply to author
Forward
0 new messages