Issue when trying to ping a windows host using Ansible


Alstar Films

Mar 13, 2017, 9:38:27 AM
to Ansible Project
Hi Guys,

This is literally my first day using Ansible and I am trying to connect to one of my Windows 2012 hosts using win_ping. I have a control server using CentOS. I encountered a number of issues before I got to this point, but now when I run ansible windows -i host.yml -m win_ping the error I get is: ERROR! Unexpected Exception: dictionary update sequence element #0 has length 1; 2 is required


No idea where to look; I even did a -vvvv and it says the same thing. Below are my 2 yml files:


host.yml

[windows]
10.109.140.64

windows.yml

ansible_ssh_user:admin
ansible_ssh_pass:XXXXX
ansible_ssh_port:5985
ansible_connection:winrm
ansible_winrm_cert_validation:ignore

Brian Coca

Mar 13, 2017, 12:50:45 PM
to Ansible Project
>host.yml
>
>[windows]
>
>10.109.140.64

That is not a YAML file, and the other one seems to be missing a space
after each :
----------
Brian Coca

Alstar Films

Mar 13, 2017, 1:59:04 PM
to Ansible Project
Hi Brian,

If I don't give a space after : in the windows.yml file then I get this error: "msg": "plaintext: the specified credentials were rejected by the server", (looks like a space is taken as a character entry) and that's why I removed the space after :

Now I am getting the error "ERROR! Unexpected Exception: dictionary update sequence element #0 has length 1; 2 is required"

Also, what do you mean when you say the first one is not a YAML file?

---
[web]
XX.XXX.XXX.XX

Thanks
A

Brian Coca

Mar 13, 2017, 2:20:24 PM
to Ansible Project
It's not YAML format; also, if you don't have a space after : it's also
incorrect YAML.

----------
Brian Coca

Alstar Films

Mar 13, 2017, 2:31:43 PM
to Ansible Project
Hi,

Can you tell me what format I should be using so that I can correct the file?

cupcake

Mar 15, 2017, 6:43:41 PM
to Ansible Project
I feel like with inventory files I've had better luck using the = sign.

Also, the default WinRM setting likely has basic auth set to false. If you run with -vvvvv it should show WinRM debug and you can see the auth type.

cupcake

Mar 15, 2017, 9:12:26 PM
to Ansible Project
If you are connecting and NOT spec'ing a connect type, I believe it goes Kerberos first, then plaintext/basic.

You would need to check if basic is enabled via PowerShell (run PowerShell as admin to be safe):
winrm get winrm/config/service/auth

and it will return something like:
Auth
    Basic = false
    Kerberos = true
    Negotiate = true
    Certificate = false
    CredSSP = false
    CbtHardeningLevel = Relaxed


In order to make basic/plaintext function, do this:
PS C:\Windows\system32> winrm set winrm/config/service/auth '@{Basic="true"}'
Auth
    Basic = true
    Kerberos = true
    Negotiate = true
    Certificate = false
    CredSSP = false
    CbtHardeningLevel = Relaxed


So basic = plaintext, meaning you are sending your credentials in the clear. For testing this is probably OK, but realize that if you are going over HTTP port 5985, anyone can get the password pretty darn easily with a packet capture. I don't believe setting transport to SSL does anything in basic mode either.

Getting Kerberos set up is more ideal for the long run, plus you won't have to create or embed some local account on all your machines.
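
An added example, not written by anyone in the thread and not Ansible's own code: a small lint for a flat WinRM vars file that flags the missing space after `:` from the first post (without it, YAML reads the whole file as one string instead of key/value pairs) and Basic auth over port 5985 from the last post. It also shows that updating a Python dict from a string raises the same message quoted in the thread. The sample files, the placeholder password and the hardened values are constructed for illustration.

```python
import re

LINE = re.compile(r"^([A-Za-z_]\w*):([ \t]*)(.*)$", re.M)

# Constructed sample: windows.yml layout from the thread, password replaced.
POSTED = """\
ansible_ssh_user:admin
ansible_ssh_pass:PLACEHOLDER
ansible_ssh_port:5985
ansible_connection:winrm
"""

# Constructed samples: valid YAML with Basic over HTTP, then Kerberos on 5986.
WEAK = """\
ansible_user: admin
ansible_password: PLACEHOLDER
ansible_port: 5985
ansible_connection: winrm
ansible_winrm_transport: basic
"""
HARDENED = WEAK.replace("5985", "5986").replace("basic", "kerberos")

def lint_winrm_vars(text):
    """Lint a flat 'key: value' vars file (no nesting); returns finding strings."""
    findings, values = [], {}
    for match in LINE.finditer(text):
        key, gap, value = match.groups()
        number = text.count("\n", 0, match.start()) + 1
        if value and not gap:
            findings.append(f"line {number}: '{key}:' needs a space before the value")
        values[key] = value.strip().strip("'\"")
    port = values.get("ansible_port") or values.get("ansible_ssh_port")
    transport = values.get("ansible_winrm_transport", "").lower()
    if port == "5985" and transport in ("basic", "plaintext"):
        findings.append("basic auth on port 5985 sends the password unencrypted")
    return findings

def update_from_scalar(scalar):
    """Return the error raised when a dict is updated from a string, not a mapping."""
    try:
        {}.update(scalar)
    except ValueError as exc:
        return str(exc)

if __name__ == "__main__":
    for name, sample in (("posted", POSTED), ("weak", WEAK), ("hardened", HARDENED)):
        print(name, lint_winrm_vars(sample))
    print(update_from_scalar(" ".join(POSTED.split())))
```

The lint only understands one `key: value` pair per line, so nested YAML and INI-style `key=value` inventory lines are ignored rather than checked.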