Ansible issues with Windows deployment

[1217...@qq.com]

I use ansible to operate Windows, there are many problems!

As follows:

1. Use win_copy to copy the Shared directory or the middle file times of the network drive disk!

My Syntax is here , 

  tasks:

  - name: copy file

    win_copy:

      src: \\192.168.227.181\2.0.0\pys

      dest: C:\tools

      remote_src: True

The execution result:

ubuntu@xll-ubuntu:~$ ansible-playbook /etc/ansible/test.yml -vvv

ansible-playbook 2.4.3.0

  config file = /etc/ansible/ansible.cfg

  configured module search path = [u'/home/ubuntu/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']

  ansible python module location = /home/ubuntu/.local/lib/python2.7/site-packages/ansible

  executable location = /usr/bin/ansible-playbook

  python version = 2.7.12 (default, Dec  4 2017, 14:50:18) [GCC 5.4.0 20160609]

Using /etc/ansible/ansible.cfg as config file

Parsed /etc/ansible/hosts inventory source with ini plugin

PLAYBOOK: test.yml ********************************************************************************************************************************************************************************************

1 plays in /etc/ansible/test.yml

PLAY [dbServer] ***********************************************************************************************************************************************************************************************

TASK [Gathering Facts] ****************************************************************************************************************************************************************************************

Using module file /home/ubuntu/.local/lib/python2.7/site-packages/ansible/modules/windows/setup.ps1

<192.168.227.196> ESTABLISH WINRM CONNECTION FOR USER: administrator on PORT 5986 TO 192.168.227.196

EXEC (via pipeline wrapper)

ok: [192.168.227.196]

META: ran handlers

TASK [拷贝文件 到目标服务器上] *******************************************************************************************************************************************************************************************

task path: /etc/ansible/test.yml:4

Using module file /home/ubuntu/.local/lib/python2.7/site-packages/ansible/modules/windows/win_copy.ps1

<192.168.227.196> ESTABLISH WINRM CONNECTION FOR USER: administrator on PORT 5986 TO 192.168.227.196

EXEC (via pipeline wrapper)

fatal: [192.168.227.196]: FAILED! => {

    "changed": false,

    "dest": "C:\\tools",

    "module_stderr": "Exception calling \"Run\" with \"1\" argument(s): \"Exception calling \"Invoke\" with \r\n\"0\" argument(s): \"The running command stopped because the preference variable \"\r\nErrorActionPreference\" or common parameter is set to Stop: 拒绝访问。\"\"\r\nAt line:47 char:5\r\n+     $output = $entrypoint.Run($payload)\r\n+     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\r\n    + CategoryInfo          : NotSpecified: (:) [], ParentContainsErrorRecordE \r\n   xception\r\n    + FullyQualifiedErrorId : ScriptMethodRuntimeException\r\n \r\n",

    "module_stdout": "",

    "msg": "MODULE FAILURE",

    "rc": 1,

    "src": "\\\\192.168.227.181\\2.0.0\\pys"

}

        to retry, use: --limit @/etc/ansible/test.retry

PLAY RECAP ****************************************************************************************************************************************************************************************************

192.168.227.196            : ok=1    changed=0    unreachable=0    failed=1

2. It is not possible to call python script replication through win_command, without error messages.(it's okay to do python on Windows)

[Jordan Borean]

This is failing because of the reasons I explained in your other question https://groups.google.com/forum/#!topic/ansible-project/Jz9ByKAJzS0. In short you should look at using become on your tasks to bypass the WinRM limitations. Also Ansible can execute Python scripts, I'm not sure why you are saying it has error messages but the rc is 0 and there is nothing on the stderr so that looks like it ran correctly.

[1217...@qq.com]

在 2018年3月16日星期五 UTC+8下午5:09:30，Jordan Borean写道：

This is failing because of the reasons I explained in your other question https://groups.google.com/forum/#!topic/ansible-project/Jz9ByKAJzS0. In short you should look at using become on your tasks to bypass the WinRM limitations. Also Ansible can execute Python scripts, I'm not sure why you are saying it has error messages but the rc is 0 and there is nothing on the stderr so that looks like it ran correctly.

 Thank you very much for your reply. 

Regarding the restriction of WinRM, I will try the method you provided!

On the second question, I called the python script to execute the xcopy, and there was no error! But the document was not copied.

[Jordan Borean]

Yep, so the script ran but it didn't handle a failure on the xcopy it ran so it reported it was fine (even though no copy occurred). Because it is also dealing with network shares and mounted drives I would be quite certain that is going to be an issue due to the same reasons I stated with WinRM.

Thanks

Jordan

[1217...@qq.com]

I did some testing on these plans, but they all failed, I don't know what went wrong.

1. become-and-windows

I followed the instructions in the official document, but it didn't work.

2. kerberos

 the user will be able to access a network path with the connection user's variables?

Before connecting to a Windows domain account, kerberos was used to obtain user credentials.

Test the task script in this environment. the problem is still.

3. win_psexec

I used to use this tool to generate a network drive, and I tried this command just now, without success.

4. scheduled task

I haven't tried it here. Is it possible to call under JOBS in ansible tower?

Thanks

在 2018年3月19日星期一 UTC+8上午10:44:39，Jordan Borean写道：

[Jordan Borean]

You need to stop trying to map a network drive and then copying from that drive, as I said I don't believe it is possible and have never been able to get it working from a WinRM session. There are 2 ways you can do this currently, with Ansible 2.5 is out you can do this

become with become flags

- win_copy:
    src: \\192.168.20.13\WuhanTeam\100_test
    dest: C:\tools
  become: yes
  become_method: runas
  become_flags: logon_type=new_credentials logon_flags=netcredentials_only
  vars:
    ansible_become_user: xie11
    ansible_become_pass: 111111

Unfortunately the become_flags were not added until 2.5 so for older versions you need to do something like this

- win_shell: |
    $username = 'xie11'
    $password = '111111'
    $sec_password = ConvertTo-SecureString -String $password -AsPlainText -Force
    $credentials = New-Object -TypeName PSCredential -ArgumentList $username, $sec_password
    New-PSDrive -Name temp_path -PSProvider FileSystem -Root '\\192.168.20.13\WuhanTeam' -Credential $credential -Scope Script
    Copy-Item -Path temp_path:\100_test -DestinationPath C:\tools

That win_shell task, registers a temporary network path using a custom set of credentials and then copies the file from that temporary path with those credentials. This works because everything happens under that one script scope whereas running net use and then the xcopy commands as separate tasks do not (each task is run under a different shell)

Thanks

[1217...@qq.com]

Thank you very much for your reply. I tried to use win-shell, but there was a syntax error!

Because I can't understand this meaning, please help to see!

As follows:

- hosts: dbServer

  tasks:

  - name: shell

    - win_shell:

      $username: 'xie11'

      $password: '111111'

      $sec_password: ConvertTo-SecureString -String $password -AsPlainText -Force

      $credentials: New-Object -TypeName PSCredential -ArgumentList $username, $sec_password

      New-PSDrive -Name temp_path -PSProvider FileSystem -Root '\\192.168.20.13\WuhanTeam' -Credential $credentials -Scope Script

      Copy-Item -Path temp_path:\100_test -DestinationPath C:\tools

      

  - name: copy file

    win_copy:

      src: \\192.168.20.13\WuhanTeam\100_test

      dest: D:\tools

      remote_src: True

在 2018年3月19日星期一 UTC+8下午7:10:51，Jordan Borean写道：

[Jordan Borean]

You pretty much need to copy the win_shell task as it was (with any credential or path changes you need). You also don't need the win_copy tasks as the win_shell task will do that for you, I only provided that example to show you how it is easier to use become when 2.5 comes out.

In the future, when you say there are errors, please provide those errors itself as it makes it easier to see what is going on.

Thanks

Jordan

[1217...@qq.com]

Ok, it should be the syntax of win_shell. The error is as follows：

在 2018年3月21日星期三 UTC+8上午11:12:59，Jordan Borean写道：

[1217...@qq.com]

Hello, I think may be because of '-name' the problem, i deleted '-name', modified to the following code, can run.

But it gets stuck, probably because of other configuration issues like user passwords, and I'll look at the relevant documentation.thank you

- hosts: dbServer

  tasks:

  - win_shell: New-PSDrive -Name temp_path -PSProvider FileSystem -Root '\\192.168.20.13\WuhanTeam' -Credential New-Object -TypeName PSCredential -ArgumentList 'xie11', ConvertTo-SecureString -String '111111' -AsPlainText -Force -Scope Script

  

  - win_shell: Copy-Item -Path temp_path:\100_test -DestinationPath C:\tools

在 2018年3月21日星期三 UTC+8上午11:12:59，Jordan Borean写道：

You pretty much need to copy the win_shell task as it was (with any credential or path changes you need). You also don't need the win_copy tasks as the win_shell task will do that for you, I only provided that example to show you how it is easier to use become when 2.5 comes out.

[1217...@qq.com]

I have created a new ps1 file under Windows. I will put this code in it and call the file via ansible remote.

I will solve this problem. 

Thank you very much!

However, it is not clear that this code can only run once, and the second time will be wrong unless Windows is restarted.

在 2018年3月21日星期三 UTC+8上午11:12:59，Jordan Borean写道：

You pretty much need to copy the win_shell task as it was (with any credential or path changes you need). You also don't need the win_copy tasks as the win_shell task will do that for you, I only provided that example to show you how it is easier to use become when 2.5 comes out.

[1217...@qq.com]

I changed the playbook file to the following, no longer error, but the execution has been stuck in the win_shell step, why?

- hosts: dbServer

  tasks:

    - win_shell: "New-PSDrive -Name temp_path -PSProvider FileSystem -Root '\\\\192.168.227.198\\Microsoft SQL Server' -Credential New-Object -TypeName PSCredential -ArgumentList 'administrator', ConvertTo-SecureString -String 'Test123' -AsPlainText -Force -Scope Script

    Copy-Item -Path 'temp_path:\\130' -Destination C:\\tools -Recurse"

      register: result

    - debug:

      var: result

      verbosity: 2

在 2018年3月21日星期三 UTC+8上午11:12:59，Jordan Borean写道：

You pretty much need to copy the win_shell task as it was (with any credential or path changes you need). You also don't need the win_copy tasks as the win_shell task will do that for you, I only provided that example to show you how it is easier to use become when 2.5 comes out.