NTLM over HTTP with pywinrm master

[Giordano Bianchi]

Hello awx users,

Just a heads up to anyone that is trying to implement ansible/awx in an existing Windows environment:  this pull request (https://github.com/diyan/pywinrm/commit/f2fae367d3ac2abc3ed6fe9c7c17e6ffbac69e67) has been merged into the master branch of pywinrm, which enables NTLM encryption over HTTP. 

This means that in a Windows environment you will NOT need to enable HTTPS via the "ConfigureRemotingForAnsible.ps1" script nor disable encryption anymore; Ansible should just be able to connect via WINRM "out of the box".

If you don't want to wait for the next version of pywinrm to be released and to be added to the official channels you can just upgrade the pywirnm in the awx_task container. 

To get it to work on my environment I had to do the following:

• sudo docker exec -it awx_task bash (to enter the awx_task container)
• . /var/lib/awx/venv/ansible/bin/activate (to enter the awx virtual environment)
• pip install https://github.com/diyan/pywinrm/archive/master.zip --upgrade

After that you can just configure your inventory with these variables and you should be able to connect to any windows box without having to run the "ConfigureRemotingForAnsible.ps1" script. I tested it with Windows 2016 and 2012R2.

ansible_port = 5985

ansible_winrm_scheme= http

ansible_connection = winrm

ansible_winrm_transport = ntlm

FYI I'm not sure if it breaks anything else, so try it at your own risk, your mileage may vary, etc.

have a great weekend,

Giordy