So does user and pass above refer to the local linux account on the management node or the local windows account on the remote node (windows 7) or is it just part of ansible-vault or something else all together? I think it would have to be the management node account or else if you had 100 remote nodes you would need 100 names and passwords. Am I understanding this correctly? Could someone clarify for me?
It will be the remote nodes. In lots of cases these are all the same
(lots of setups have the same management account with the same
credentials on the managed nodes). And if you need to specify per-host
variables for the remote nodes you can do that as well in your
inventory.
So then when I run ansible with the --ask-pass switch and it asks me for SSH password, ansible_ssh_pass is the password they want or is that a different password.
Okay this is fixed. The values assigned to the variables “ansible_ssh_user” and “ansible_ssh_pass” must:
Exactly match an account on the windows machine with admin privileges (account must exist but need NOT be current active login)
If you are using SSL and the value of winrm/config/service/AllowUnencrypted is true (this is the default) the values in ansible\group_vars\windows.yml must exactly match the username and password that was submitted to generate the SSL web certificate.
In my case I also had to append the computer name with the port number in the inventory like this
[windows]
ComputerName:5986
(or 5985 for AllowUnedcrypted=“true” type this command in powershell PS C:\winrm set winrm/config/service ‘@{AllowUnencrypted=“true”}’