Ansible issues with Windows deployment

I use ansible to operate Windows, there are many problems!

As follows:

1. Use win_copy to copy the Shared directory or the middle file times of the network drive disk!

My Syntax is here ,

tasks:

• name: copy file

win_copy:

src: \192.168.227.181\2.0.0\pys

dest: C:\tools

remote_src: True

The execution result:

ubuntu@xll-ubuntu:~$ ansible-playbook /etc/ansible/test.yml -vvv

ansible-playbook 2.4.3.0

config file = /etc/ansible/ansible.cfg

configured module search path = [u’/home/ubuntu/.ansible/plugins/modules’, u’/usr/share/ansible/plugins/modules’]

ansible python module location = /home/ubuntu/.local/lib/python2.7/site-packages/ansible

executable location = /usr/bin/ansible-playbook

python version = 2.7.12 (default, Dec 4 2017, 14:50:18) [GCC 5.4.0 20160609]

Using /etc/ansible/ansible.cfg as config file

Parsed /etc/ansible/hosts inventory source with ini plugin

PLAYBOOK: test.yml ********************************************************************************************************************************************************************************************

1 plays in /etc/ansible/test.yml

PLAY [dbServer] ***********************************************************************************************************************************************************************************************

TASK [Gathering Facts] ****************************************************************************************************************************************************************************************

Using module file /home/ubuntu/.local/lib/python2.7/site-packages/ansible/modules/windows/setup.ps1

<192.168.227.196> ESTABLISH WINRM CONNECTION FOR USER: administrator on PORT 5986 TO 192.168.227.196

EXEC (via pipeline wrapper)

ok: [192.168.227.196]

META: ran handlers

TASK [拷贝文件 到目标服务器上] *******************************************************************************************************************************************************************************************

task path: /etc/ansible/test.yml:4

Using module file /home/ubuntu/.local/lib/python2.7/site-packages/ansible/modules/windows/win_copy.ps1

<192.168.227.196> ESTABLISH WINRM CONNECTION FOR USER: administrator on PORT 5986 TO 192.168.227.196

EXEC (via pipeline wrapper)

fatal: [192.168.227.196]: FAILED! => {

“changed”: false,

“dest”: “C:\tools”,

“module_stderr”: “Exception calling "Run" with "1" argument(s): "Exception calling "Invoke" with \r\n"0" argument(s): "The running command stopped because the preference variable "\r\nErrorActionPreference" or common parameter is set to Stop: 拒绝访问。""\r\nAt line:47 char:5\r\n+ $output = $entrypoint.Run($payload)\r\n+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\r\n + CategoryInfo : NotSpecified: ( , ParentContainsErrorRecordE \r\n xception\r\n + FullyQualifiedErrorId : ScriptMethodRuntimeException\r\n \r\n”,

“module_stdout”: “”,

“msg”: “MODULE FAILURE”,

“rc”: 1,

“src”: “\\192.168.227.181\2.0.0\pys”

}

to retry, use: --limit @/etc/ansible/test.retry

PLAY RECAP ****************************************************************************************************************************************************************************************************

192.168.227.196 : ok=1 changed=0 unreachable=0 failed=1

2. It is not possible to call python script replication through win_command, without error messages.(it’s okay to do python on Windows)

This is failing because of the reasons I explained in your other question https://groups.google.com/forum/#!topic/ansible-project/Jz9ByKAJzS0. In short you should look at using become on your tasks to bypass the WinRM limitations. Also Ansible can execute Python scripts, I’m not sure why you are saying it has error messages but the rc is 0 and there is nothing on the stderr so that looks like it ran correctly.

在 2018年3月16日星期五 UTC+8下午5:09:30，Jordan Borean写道：

This is failing because of the reasons I explained in your other question https://groups.google.com/forum/#!topic/ansible-project/Jz9ByKAJzS0. In short you should look at using become on your tasks to bypass the WinRM limitations. Also Ansible can execute Python scripts, I’m not sure why you are saying it has error messages but the rc is 0 and there is nothing on the stderr so that looks like it ran correctly.

Thank you very much for your reply.
Regarding the restriction of WinRM, I will try the method you provided!

On the second question, I called the python script to execute the xcopy, and there was no error! But the document was not copied.

Yep, so the script ran but it didn’t handle a failure on the xcopy it ran so it reported it was fine (even though no copy occurred). Because it is also dealing with network shares and mounted drives I would be quite certain that is going to be an issue due to the same reasons I stated with WinRM.

Thanks

Jordan

I did some testing on these plans, but they all failed, I don’t know what went wrong.

1. become-and-windows
   I followed the instructions in the official document, but it didn’t work.

2. kerberos
   the user will be able to access a network path with the connection user’s variables?

Before connecting to a Windows domain account, kerberos was used to obtain user credentials.

Test the task script in this environment. the problem is still.

3. win_psexec
   I used to use this tool to generate a network drive, and I tried this command just now, without success.

4. scheduled task
   I haven’t tried it here. Is it possible to call under JOBS in ansible tower?

Thanks

在 2018年3月19日星期一 UTC+8上午10:44:39，Jordan Borean写道：

You need to stop trying to map a network drive and then copying from that drive, as I said I don’t believe it is possible and have never been able to get it working from a WinRM session. There are 2 ways you can do this currently, with Ansible 2.5 is out you can do this

become with become flags

`

• win_copy:
  src: \192.168.20.13\WuhanTeam\100_test
  dest: C:\tools
  become: yes
  become_method: runas
  become_flags: logon_type=new_credentials logon_flags=netcredentials_only
  vars:
  ansible_become_user: xie11
  ansible_become_pass: 111111

`

Unfortunately the become_flags were not added until 2.5 so for older versions you need to do something like this

`

• win_shell: |
  $username = ‘xie11’
  $password = ‘111111’
  $sec_password = ConvertTo-SecureString -String $password -AsPlainText -Force
  $credentials = New-Object -TypeName PSCredential -ArgumentList $username, $sec_password
  New-PSDrive -Name temp_path -PSProvider FileSystem -Root ‘\192.168.20.13\WuhanTeam’ -Credential $credential -Scope Script
  Copy-Item -Path temp_path:\100_test -DestinationPath C:\tools

`

That win_shell task, registers a temporary network path using a custom set of credentials and then copies the file from that temporary path with those credentials. This works because everything happens under that one script scope whereas running net use and then the xcopy commands as separate tasks do not (each task is run under a different shell)

Thanks

Thank you very much for your reply. I tried to use win-shell, but there was a syntax error!

Because I can’t understand this meaning, please help to see!

As follows:

• hosts: dbServer

tasks:

• name: shell

• win_shell:

$username: ‘xie11’

$password: ‘111111’

$sec_password: ConvertTo-SecureString -String $password -AsPlainText -Force

$credentials: New-Object -TypeName PSCredential -ArgumentList $username, $sec_password

New-PSDrive -Name temp_path -PSProvider FileSystem -Root ‘\192.168.20.13\WuhanTeam’ -Credential $credentials -Scope Script

Copy-Item -Path temp_path:\100_test -DestinationPath C:\tools

• name: copy file

win_copy:

src: \192.168.20.13\WuhanTeam\100_test

dest: D:\tools

remote_src: True

在 2018年3月19日星期一 UTC+8下午7:10:51，Jordan Borean写道：

You pretty much need to copy the win_shell task as it was (with any credential or path changes you need). You also don’t need the win_copy tasks as the win_shell task will do that for you, I only provided that example to show you how it is easier to use become when 2.5 comes out.

In the future, when you say there are errors, please provide those errors itself as it makes it easier to see what is going on.

Thanks

Jordan

Ok, it should be the syntax of win_shell. The error is as follows：

在 2018年3月21日星期三 UTC+8上午11:12:59，Jordan Borean写道：

Hello, I think may be because of ‘-name’ the problem, i deleted ‘-name’, modified to the following code, can run.
But it gets stuck, probably because of other configuration issues like user passwords, and I’ll look at the relevant documentation.thank you

• hosts: dbServer

tasks:

• win_shell: New-PSDrive -Name temp_path -PSProvider FileSystem -Root ‘\192.168.20.13\WuhanTeam’ -Credential New-Object -TypeName PSCredential -ArgumentList ‘xie11’, ConvertTo-SecureString -String ‘111111’ -AsPlainText -Force -Scope Script

• win_shell: Copy-Item -Path temp_path:\100_test -DestinationPath C:\tools

在 2018年3月21日星期三 UTC+8上午11:12:59，Jordan Borean写道：

I have created a new ps1 file under Windows. I will put this code in it and call the file via ansible remote.
I will solve this problem.
Thank you very much!
However, it is not clear that this code can only run once, and the second time will be wrong unless Windows is restarted.

在 2018年3月21日星期三 UTC+8上午11:12:59，Jordan Borean写道：

I changed the playbook file to the following, no longer error, but the execution has been stuck in the win_shell step, why?

• hosts: dbServer

tasks:

• win_shell: “New-PSDrive -Name temp_path -PSProvider FileSystem -Root ‘\\192.168.227.198\Microsoft SQL Server’ -Credential New-Object -TypeName PSCredential -ArgumentList ‘administrator’, ConvertTo-SecureString -String ‘Test123’ -AsPlainText -Force -Scope Script
  Copy-Item -Path ‘temp_path:\130’ -Destination C:\tools -Recurse”
  register: result

• debug:
  var: result
  verbosity: 2

在 2018年3月21日星期三 UTC+8上午11:12:59，Jordan Borean写道：