I am new to Ansible and trying to enable CredSSP to use AD authentication for my Windows host (Basic authentication works fine). I have added a group_var file with the following information:

ansible_connection: winrm
ansible_user: test...@company.com
ansible_password: password
ansible_port: 5986
ansible_winrm_transport: credssp
ansible_winrm_server_cert_validation: ignore
ansible_winrm_credssp_disable_tlsv1_2: true
flex_win_service_name: test_service

Here is my host file:

[win_sandbox:children]
win_testhost
[win_testhost]
testhost.company..com

Here is my playbook:

hosts: win_sandbox
roles:

Here is the command output:

$ ansible-playbook -i hosts/sandbox_hosts sandbox_rpstart_playbook.yml --vault-id @prompt -vvvvv
ansible-playbook 2.5.3
config file = /ansible/RP/playbooks/ansible.cfg
configured module search path = [u'/export/home/algsglp1/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/site-packages/ansible
executable location = /usr/bin/ansible-playbook
python version = 2.7.5 (default, May 3 2017, 07:55:04) [GCC 4.8.5 20150623 (Red Hat 4.8.5-14)]
Using /ansible/RP/playbooks/ansible.cfg as config file
Vault password (default):
setting up inventory plugins
Parsed /ansible/RP/playbooks/hosts/sandbox_hosts inventory source with ini plugin
Loading callback plugin default of type stdout, v2.0 from /usr/lib/python2.7/site-packages/ansible/plugins/callback/default.pyc
PLAYBOOK: sandbox_rpstart_playbook.yml ********************************************************************
1 plays in sandbox_rpstart_playbook.yml
PLAY [win_sandbox] ****************************************************************************************
Found a vault_id (default) in the vaulttext
We have a secret associated with vault id (default), will try to use to decrypt /ansible/RP/hosts/group_vars/win_rrptglt6
Trying to use vault secret=(<ansible.parsing.vault.PromptVaultSecret object at 0x34045d0>) id=default to decrypt /ansible/RP/hosts/group_vars/win_rrptglt6
Trying secret <ansible.parsing.vault.PromptVaultSecret object at 0x34045d0> for vault_id=default
Decrypt of "/ansible/RP/hosts/group_vars/win_rrptglt6" successful with secret=<ansible.parsing.vault.PromptVaultSecret object at 0x34045d0> and vault_id=default
TASK [Gathering Facts] ************************************************************************************
task path: /ansible/RP/playbooks/sandbox_rpstart_playbook.yml:11
Using module file /usr/lib/python2.7/site-packages/ansible/modules/windows/setup.ps1
<testhost.domain.com> ESTABLISH WINRM CONNECTION FOR USER: test...@company.com on PORT 5986 TO testhost.domain.com
checking if winrm_host testhost.domain.com is an IPv6 address
<testhost.domain.com> WINRM CONNECT: transport=credssp endpoint=https:/testhost.domain.com:5986/wsman
<testhost.domain.com> WINRM CONNECTION ERROR: Required argument 'socket' (pos 2) not found
Traceback (most recent call last):
File "/usr/lib/python2.7/site-packages/ansible/plugins/connection/winrm.py", line 356, in _winrm_connect
self.shell_id = protocol.open_shell(codepage=65001) # UTF-8
File "/usr/lib/python2.7/site-packages/winrm/protocol.py", line 157, in open_shell
res = self.send_message(xmltodict.unparse(req))
File "/usr/lib/python2.7/site-packages/winrm/protocol.py", line 234, in send_message
resp = self.transport.send_message(message)
File "/usr/lib/python2.7/site-packages/winrm/transport.py", line 256, in send_message
response = self._send_message_request(prepared_request, message)
File "/usr/lib/python2.7/site-packages/winrm/transport.py", line 261, in _send_message_request
response = self.session.send(prepared_request, timeout=self.read_timeout_sec)
File "/usr/lib/python2.7/site-packages/requests/sessions.py", line 629, in send
r = dispatch_hook('response', hooks, r, **kwargs)
File "/usr/lib/python2.7/site-packages/requests/hooks.py", line 31, in dispatch_hook
_hook_data = hook(hook_data, **kwargs)
File "/usr/lib/python2.7/site-packages/requests_credssp/credssp.py", line 447, in response_hook
response = self.handle_401(response, **kwargs)
File "/usr/lib/python2.7/site-packages/requests_credssp/credssp.py", line 464, in handle_401
out_token, step_name = next(credssp_gen)
File "/usr/lib/python2.7/site-packages/requests_credssp/credssp.py", line 78, in credssp_generator
self.tls_connection = SSL.Connection(self.tls_context)
TypeError: Required argument 'socket' (pos 2) not found
fatal: [testhost.domain.com]: UNREACHABLE! => {
"changed": false,
"msg": "credssp: Required argument 'socket' (pos 2) not found",
"unreachable": true
}
to retry, use: --limit @/ansible/ESO/RP/playbooks/sandbox_rpstart_playbook.retry
PLAY RECAP ************************************************************************************************
testhost.domain.com : ok=0 changed=0 unreachable=1 failed=0

I have followed the document http://devopstechie.com/ansible-manage-windows-machine-with-ansible-by-credssp/ for this. Here is my pip list and ansible version.

$ pip list
Package Version
ansible 2.5.3
asn1crypto 0.24.0
Babel 0.9.6
backports.ssl-match-hostname 3.4.0.2
certifi 2018.4.16
cffi 1.11.5
chardet 3.0.4
configobj 4.7.2
cryptography 2.2.2
decorator 3.4.0
docker-py 1.10.6
docker-pycreds 0.2.1
enum34 1.0.4
ethtool 0.8
httplib2 0.9.2
idna 2.7
iniparse 0.4
ipaddress 1.0.16
IPy 0.75
isodate 0.5.0
javapackages 1.0.0
Jinja2 2.7.2
jmespath 0.9.0
kitchen 1.1.1
langtable 0.0.31
lxml 3.2.1
M2Crypto 0.21.1
Magic-file-extensions 0.2
MarkupSafe 0.11
ntlm-auth 1.1.0
paramiko 2.1.1
passlib 1.6.5
pciutils 1.7.3
perf 0.1
pip 10.0.1
ply 3.4
policycoreutils-default-encoding 0.1
pulp-agent 2.8.7.17
pulp-common 2.8.7.17
pulp-rpm-common 2.8.7
pulp-rpm-handlers 2.8.7
pyasn1 0.4.3
pycparser 2.14
pycrypto 2.6.1
pycurl 7.19.0
pygobject 3.22.0
pygpgme 0.3
pyliblzma 0.5.3
pyOpenSSL 18.0.0
pyparsing 1.5.6
python-augeas 0.5.0
python-dateutil 1.5
python-dmidecode 3.12.2
python-keyczar 0.71rc0
python-linux-procfs 0.4.9
pytoml 0.1.14
pyudev 0.15
pywinrm 0.3.0
pyxattr 0.5.1
PyYAML 3.10
redhat-access-insights 1.0.13
registries 0.1
requests 2.19.1
requests-credssp 1.0.0
requests-ntlm 1.1.0
rhnlib 2.5.65
rhsm 1.19.10
schedutils 0.4
seobject 0.1
sepolicy 1.1
setuptools 0.9.8
six 1.9.0
slip 0.4.0
slip.dbus 0.4.0
SSSDConfig 1.15.2
subscription-manager 1.19.23
urlgrabber 3.10
urllib3 1.23
websocket-client 0.32.0
wheel 0.31.1
xmltodict 0.9.0
yum-langpacks 0.4.2
yum-metadata-parser 1.1.4
$

Please help. Do I need to do anything else?
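
Added example, not part of the original post and not code from Ansible or requests-credssp: the traceback above fails at SSL.Connection(self.tls_context) because the constructor demands a 'socket' argument, so this check reports which OpenSSL package the interpreter actually imports and whether its Connection accepts a context alone. That the loaded build differs from the pyOpenSSL 18.0.0 shown by pip is an assumption the post does not confirm; the function names and the two stand-in classes are hypothetical.

```python
import importlib


def connection_accepts_no_socket(connection_cls, context):
    """Return True if connection_cls(context) works, i.e. 'socket' is optional."""
    try:
        connection_cls(context)
        return True
    except TypeError as exc:
        # Same failure mode as the traceback: the constructor insists on a socket.
        if "socket" in str(exc):
            return False
        raise  # an unrelated TypeError is a different problem; do not hide it


def describe_loaded_pyopenssl():
    """Report the OpenSSL package this interpreter imports, or None if absent."""
    try:
        mod = importlib.import_module("OpenSSL")
    except ImportError:
        return None
    from OpenSSL import SSL
    ctx = SSL.Context(SSL.SSLv23_METHOD)
    return {
        # Compare these two values with the pyOpenSSL line in `pip list`.
        "version": getattr(mod, "__version__", "unknown"),
        "path": getattr(mod, "__file__", "unknown"),
        "socket_optional": connection_accepts_no_socket(SSL.Connection, ctx),
    }


# Constructed stand-ins (not real pyOpenSSL classes) for the two signatures,
# so the check itself can be exercised without pyOpenSSL installed.
class OldStyleConnection(object):
    def __init__(self, context, socket):  # socket required
        pass


class NewStyleConnection(object):
    def __init__(self, context, socket=None):  # socket optional
        pass


if __name__ == "__main__":
    print(describe_loaded_pyopenssl())
```

Run it with the same Python interpreter that ansible-playbook reports in its version banner; a "socket_optional" value of False, or a version or path that disagrees with pip, would point at a second OpenSSL package being imported ahead of the pip-installed one.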