I am new to Ansible and am trying to enable CredSSP to use AD authentication for my Windows host (Basic authentication works fine). I have added a group_var file with the following information:
ansible_connection: winrm
ansible_user: testuser@company.com
ansible_password: password
ansible_port: 5986
ansible_winrm_transport: credssp
ansible_winrm_server_cert_validation: ignore
ansible_winrm_credssp_disable_tlsv1_2: true
flex_win_service_name: test_service
Here is my host file:
[win_sandbox:children]
win_testhost
[win_testhost]
testhost.company…com
Here is my playbook:
- hosts: win_sandbox
  roles:
    - win_common
Here is the command output:
$ ansible-playbook -i hosts/sandbox_hosts sandbox_rpstart_playbook.yml --vault-id @prompt -vvvvv
ansible-playbook 2.5.3
config file = /ansible/RP/playbooks/ansible.cfg
configured module search path = [u'/export/home/algsglp1/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/site-packages/ansible
executable location = /usr/bin/ansible-playbook
python version = 2.7.5 (default, May 3 2017, 07:55:04) [GCC 4.8.5 20150623 (Red Hat 4.8.5-14)]
Using /ansible/RP/playbooks/ansible.cfg as config file
Vault password (default):
setting up inventory plugins
Parsed /ansible/RP/playbooks/hosts/sandbox_hosts inventory source with ini plugin
Loading callback plugin default of type stdout, v2.0 from /usr/lib/python2.7/site-packages/ansible/plugins/callback/default.pyc
PLAYBOOK: sandbox_rpstart_playbook.yml ********************************************************************
1 plays in sandbox_rpstart_playbook.yml
PLAY [win_sandbox] ****************************************************************************************
Found a vault_id (default) in the vaulttext
We have a secret associated with vault id (default), will try to use to decrypt /ansible/RP/hosts/group_vars/win_rrptglt6
Trying to use vault secret=(<ansible.parsing.vault.PromptVaultSecret object at 0x34045d0>) id=default to decrypt /ansible/RP/hosts/group_vars/win_rrptglt6
Trying secret <ansible.parsing.vault.PromptVaultSecret object at 0x34045d0> for vault_id=default
Decrypt of "/ansible/RP/hosts/group_vars/win_rrptglt6" successful with secret=<ansible.parsing.vault.PromptVaultSecret object at 0x34045d0> and vault_id=default
TASK [Gathering Facts] ************************************************************************************
task path: /ansible/RP/playbooks/sandbox_rpstart_playbook.yml:11
Using module file /usr/lib/python2.7/site-packages/ansible/modules/windows/setup.ps1
<testhost.domain.com> ESTABLISH WINRM CONNECTION FOR USER: testuser@company.com on PORT 5986 TO testhost.domain.com
checking if winrm_host testhost.domain.com is an IPv6 address
<testhost.domain.com> WINRM CONNECT: transport=credssp endpoint=https:/testhost.domain.com:5986/wsman
<testhost.domain.com> WINRM CONNECTION ERROR: Required argument 'socket' (pos 2) not found
Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/ansible/plugins/connection/winrm.py", line 356, in _winrm_connect
    self.shell_id = protocol.open_shell(codepage=65001) # UTF-8
  File "/usr/lib/python2.7/site-packages/winrm/protocol.py", line 157, in open_shell
    res = self.send_message(xmltodict.unparse(req))
  File "/usr/lib/python2.7/site-packages/winrm/protocol.py", line 234, in send_message
    resp = self.transport.send_message(message)
  File "/usr/lib/python2.7/site-packages/winrm/transport.py", line 256, in send_message
    response = self._send_message_request(prepared_request, message)
  File "/usr/lib/python2.7/site-packages/winrm/transport.py", line 261, in _send_message_request
    response = self.session.send(prepared_request, timeout=self.read_timeout_sec)
  File "/usr/lib/python2.7/site-packages/requests/sessions.py", line 629, in send
    r = dispatch_hook('response', hooks, r, **kwargs)
  File "/usr/lib/python2.7/site-packages/requests/hooks.py", line 31, in dispatch_hook
    _hook_data = hook(hook_data, **kwargs)
  File "/usr/lib/python2.7/site-packages/requests_credssp/credssp.py", line 447, in response_hook
    response = self.handle_401(response, **kwargs)
  File "/usr/lib/python2.7/site-packages/requests_credssp/credssp.py", line 464, in handle_401
    out_token, step_name = next(credssp_gen)
  File "/usr/lib/python2.7/site-packages/requests_credssp/credssp.py", line 78, in credssp_generator
    self.tls_connection = SSL.Connection(self.tls_context)
TypeError: Required argument 'socket' (pos 2) not found
fatal: [testhost.domain.com]: UNREACHABLE! => {
    "changed": false,
    "msg": "credssp: Required argument 'socket' (pos 2) not found",
    "unreachable": true
}
to retry, use: --limit @/ansible/ESO/RP/playbooks/sandbox_rpstart_playbook.retry
PLAY RECAP ************************************************************************************************
testhost.domain.com : ok=0 changed=0 unreachable=1 failed=0
I have followed the document http://devopstechie.com/ansible-manage-windows-machine-with-ansible-by-credssp/ for this. Here is my pip list and ansible version.
$ pip list
Package Version