We are testing ansible with our automation projects , we have a lot of VM’s and & PC’s.
I’m trying to get ansible working and stuck here , I’ve got it installed on a VM CENTOS Machine . And on a windows machine too .
I’m stuck in the connection phase between them, the kerberos is not working , I think I need to install the kerberos server on the linux VM to make it work .
But if we do not need any authentications , we dont need kerberos, can’t we do it through simple SSH connection ?
I’ll be thankful if somebody can help me with this issue .
No you can’t do ssh connections to (unmodified) windows machines at the moment, unfortunately.
Even if you did set up a third-party ssh server on windows, to use the ansible windows modules, you have to be using ‘winrm’ transport, and would likely have to go to a lot of trouble to allow suitable access rights so that you could do useful managment activities, such as installing software.
Its true you do not have to use kerberos, but you will still need to connect as a user with sufficient privileges to allow you to perform administrative tasks.
You only actually need to set up kerberos client and configure /etc/krb5.conf to point at your existing Active Directory domain controllers in order to use windows domain users.
A list of authentication options that are available to a Windows host through WinRM are shown here http://docs.ansible.com/ansible/intro_windows.html#authentication-options. In short if you need to authenticate with a domain account Kerberos is recommended as it is the most secure but NTLM and CredSSP are other options if Kerberos isn't a choice in your environment for whatever reason.
Regardless of the auth option you will need to use an account that is a local administrator of your box due to the security requirements of WinRM. There are ways to allow a lower priviledged account access but that is quite complex and should be ignored until you first get a successful connection.