我正在configurationansible(CentOS 6.7)连接到使用http,winRM和Kerberos的Windows机器
从/etc/ansible/host文件中
[training] machinename:5985
我已经设置了主机特定的yaml文件
ansible_winrm_scheme: http ansible_port: 5985 ansible_connection: winrm
然后,下面的命令
ansible machinename -m win_ping -vvvv
以下错误
<machinename > ESTABLISH WINRM CONNECTION FOR USER: jnambood on PORT 5985 TO machinename <machinename > WINRM CONNECT: transport=plaintext endpoint=http://machinename :5985/wsman <machinename > WINRM CONNECTION ERROR: 401 Unauthorized. <machinename > WINRM CONNECT: transport=plaintext endpoint=https://machinename :5985/wsman <machinename > WINRM CONNECTION ERROR: 500 WinRMTransport. [Errno 1] _ssl.c:492: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol machinename | FAILED => 500 WinRMTransport. [Errno 1] _ssl.c:492: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
Ansible试图http,得到了401错误。 我该如何解决?
如果你已经安装了kerberos模块,并且ansible_user包含@(例如username @ realm),Ansible将首先尝试Kerberos身份validation。 此方法使用在控制机器上validationKerberos的主体而不是
ansible_user。 如果失败,或者因为您没有在控制机器上loginKerberos,或者因为远程主机上相应的域帐户不可用,则Ansible将回退到“普通”用户名/密码身份validation。 〜Ansible Windows介绍
$ cat ansible/group_vars/os-windows.yml # <user>@<realm> means use principal in krb5cc, name here doesn't matter ansible_ssh_user: use@KERBEROS ansible_ssh_port: 5985 ansible_connection: winrm $ ansible host.ad.example.com -m win_ping -o host.ad.example.com | success >> {"changed": false, "ping": "pong"}