Getting Ansible to work well with my IT Environment

I’ve been tinkering with Ansible (free edition, not tower) for about two years.
I am getting a feel for what kinds of environment I can deploy this with success to make my job easier. In certain cases, clients cannot afford certain kinds of technology like RMM tools and even Active Directory tools, but Ansible makes it economical for them, and it allows me and them to scale - at least from an IT administration perspective.

I am curious to know what are the system requirements needed for control nodes and host nodes?
How do I size for my environment?
How can I alter my control node to suit different environments?

Please allow me to explain my Ansible performance experience/journey:
I built a virtual test environment on Windows 10 Hyper-V where I have an Ubuntu server serving as the Ansible control node, and I have 2 hosts (clients) as Windows virtual machines (Windows 10 and 11 with WinRM configured) on the same network.
I have used certificate authentication to establish the connection, and it works well with the win_ping module and even the win_shell module. I have used playbooks and inventories to do things like printer installs, retrieving all installed printers, etc. I can run the same playbooks in succession via the command line and I have no challenges. Things work as expected.
System Specs of Test Environment:
Control Node: Ubuntu Server, Ansible 2.10.8, Python 3.10.12; CPU: x 2, Model name: Intel(R) Core™ i7-8700 CPU @ 3.20GHz (8th Gen); RAM: 1.9 GB; Virtual Adapter Speed: 1Gbps
Windows Hosts: CPU: x 2, Model name: Intel(R) Core™ i7-8700 CPU @ 3.20GHz (8th Gen); RAM: 1.9 GB; Virtual Adapter Speed: 1Gbps

When I move to my live or production environment, I have varying results!
I will post two sets of results from my production environment below, consisting of 2 branches/locations. I will only execute playbooks per location to make things simple. I want you to observe that when a simple playbook is run (which is the ping playbook), I get the majority of responses and it runs well.
When I run a more complex playbook soon after to gather some hardware information, I get mixed results. (Please note that I am aware of some connection issues due to hosts being offline and some connection authentication issues, but pay attention to the machines that work well with my ping playbook, but for some reason are unavailable or partially available for the hardware information gathering one!)

My live environment is all Windows 10 computers with PCs of varying age, from brand new with good system specs (Intel 10th to 12th Gen processors, 8GB of RAM) to computers that are 12 to 15 years old with 4GB RAM! (With Gigabit Ethernet connection, 4GB RAM, 12-15 year old processors).

BRANCH A RESULTS :(ANSIBLE CONTROL NODE AT BRANCH B AND EXECUTED OVER VPN ON HOSTS AT BRANCH A):

mramanan@ansible1:/etc/ansible$ ansible-playbook -i Inventory/macoya_inventory.ini Playbooks/win_ping.yml 

PLAY [Test Windows Host Connectivity] ******************************************

TASK [Ping Windows Hosts] ******************************************************
ok: [3060mkttun2]
ok: [Len710tuna1]
ok: [dell3070-carlho]
ok: [csrtuna13060]
fatal: [Dellopt9020pos1]: UNREACHABLE! => {"changed": false, "msg": "certificate: the specified credentials were rejected by the server", "unreachable": true}
ok: [claims-tuna2]
ok: [LEN710TUNA2]
ok: [Carl-home-3040]
ok: [hgicl-pc-kamille]
fatal: [dell3070-ashley]: UNREACHABLE! => {"changed": false, "msg": "certificate: HTTPSConnectionPool(host='172.22.248.209', port=5986): Max retries exceeded with url: /wsman (Caused by ConnectTimeoutError(<urllib3.connection.HTTPSConnection object at 0x7fb0ca57b310>, 'Connection to 172.22.248.209 timed out. (connect timeout=30)'))", "unreachable": true}
fatal: [11sgdell1]: UNREACHABLE! => {"changed": false, "msg": "certificate: HTTPSConnectionPool(host='172.22.248.213', port=5986): Max retries exceeded with url: /wsman (Caused by ConnectTimeoutError(<urllib3.connection.HTTPSConnection object at 0x7fb0ca587d90>, 'Connection to 172.22.248.213 timed out. (connect timeout=30)'))", "unreachable": true}
fatal: [3060MKTTUN1MELISSA]: UNREACHABLE! => {"changed": false, "msg": "certificate: HTTPSConnectionPool(host='172.22.248.201', port=5986): Max retries exceeded with url: /wsman (Caused by ConnectTimeoutError(<urllib3.connection.HTTPSConnection object at 0x7fb0ca545960>, 'Connection to 172.22.248.201 timed out. (connect timeout=30)'))", "unreachable": true}

PLAY RECAP *********************************************************************
11sgdell1                  : ok=0    changed=0    unreachable=1    failed=0    skipped=0    rescued=0    ignored=0   
3060MKTTUN1MELISSA         : ok=0    changed=0    unreachable=1    failed=0    skipped=0    rescued=0    ignored=0   
3060mkttun2                : ok=1    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
Carl-home-3040             : ok=1    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
Dellopt9020pos1            : ok=0    changed=0    unreachable=1    failed=0    skipped=0    rescued=0    ignored=0   
LEN710TUNA2                : ok=1    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
Len710tuna1                : ok=1    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
claims-tuna2               : ok=1    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
csrtuna13060               : ok=1    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
dell3070-ashley            : ok=0    changed=0    unreachable=1    failed=0    skipped=0    rescued=0    ignored=0   
dell3070-carlho            : ok=1    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
hgicl-pc-kamille           : ok=1    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

mramanan@ansible:/etc/ansible$ ansible-playbook -i Inventory/macoya_inventory.ini Playbooks/hardware_requirements3.yml 

PLAY [Gather Hardware Requirements on Windows Hosts] ***************************

TASK [Gathering Facts] *********************************************************
ok: [3060mkttun2]
ok: [claims-tuna2]
ok: [Len710tuna1]
fatal: [dell3070-carlho]: UNREACHABLE! => {"changed": false, "msg": "certificate: ", "unreachable": true}
fatal: [Dellopt9020pos1]: UNREACHABLE! => {"changed": false, "msg": "certificate: the specified credentials were rejected by the server", "unreachable": true}
fatal: [Carl-home-3040]: UNREACHABLE! => {"changed": false, "msg": "certificate: ", "unreachable": true}
ok: [LEN710TUNA2]
fatal: [dell3070-ashley]: UNREACHABLE! => {"changed": false, "msg": "certificate: HTTPSConnectionPool(host='172.22.248.209', port=5986): Max retries exceeded with url: /wsman (Caused by ConnectTimeoutError(<urllib3.connection.HTTPSConnection object at 0x7fba45534730>, 'Connection to 172.22.248.209 timed out. (connect timeout=30)'))", "unreachable": true}
fatal: [csrtuna13060]: UNREACHABLE! => {"changed": false, "msg": "certificate: ", "unreachable": true}
fatal: [11sgdell1]: UNREACHABLE! => {"changed": false, "msg": "certificate: HTTPSConnectionPool(host='172.22.248.213', port=5986): Max retries exceeded with url: /wsman (Caused by ConnectTimeoutError(<urllib3.connection.HTTPSConnection object at 0x7fba455540d0>, 'Connection to 172.22.248.213 timed out. (connect timeout=30)'))", "unreachable": true}
fatal: [3060MKTTUN1MELISSA]: UNREACHABLE! => {"changed": false, "msg": "certificate: HTTPSConnectionPool(host='172.22.248.201', port=5986): Max retries exceeded with url: /wsman (Caused by ConnectTimeoutError(<urllib3.connection.HTTPSConnection object at 0x7fba455688e0>, 'Connection to 172.22.248.201 timed out. (connect timeout=30)'))", "unreachable": true}
[WARNING]: Failed to collection winrm due to timeout
ok: [hgicl-pc-kamille]

TASK [Fetch CPU Information] ***************************************************
changed: [3060mkttun2]
changed: [claims-tuna2]
fatal: [Len710tuna1]: UNREACHABLE! => {"changed": false, "msg": "certificate: ", "unreachable": true}
fatal: [LEN710TUNA2]: UNREACHABLE! => {"changed": false, "msg": "certificate: ", "unreachable": true}
fatal: [hgicl-pc-kamille]: UNREACHABLE! => {"changed": false, "msg": "certificate: ", "unreachable": true}

TASK [Fetch RAM Information] ***************************************************
changed: [3060mkttun2]
changed: [claims-tuna2]

TASK [Fetch Disk Information] **************************************************
changed: [3060mkttun2]
changed: [claims-tuna2]

TASK [Fetch Network Adapter Information] ***************************************
changed: [3060mkttun2]
changed: [claims-tuna2]

TASK [Display CPU Information] *************************************************
ok: [claims-tuna2] => {
"msg": {
"ClockSpeed": "2400MHz",
"Cores": 2,
"LogicalProcessors": 2,
"Name": "Intel(R) Pentium(R) Dual  CPU  E2220  @ 2.40GHz"
}
}
ok: [3060mkttun2] => {
"msg": {
"ClockSpeed": "3000MHz",
"Cores": 6,
"LogicalProcessors": 6,
"Name": "Intel(R) Core(TM) i5-8500 CPU @ 3.00GHz"
}
}

TASK [Display RAM Information] *************************************************
ok: [claims-tuna2] => {
"msg": {
"FreePhysicalMemory": "1.89MB",
"TotalPhysicalMemory": "5.86GB"
}
}
ok: [3060mkttun2] => {
"msg": {
"FreePhysicalMemory": "3.52MB",
"TotalPhysicalMemory": "7.83GB"
}
}

TASK [Display Disk Information] ************************************************
ok: [claims-tuna2] => {
"msg": {
"FreeSpace": "394.02GB",
"Size": "465.22GB",
"Volume": "C:"
}
}
ok: [3060mkttun2] => {
"msg": {
"FreeSpace": "862.48GB",
"Size": "929.77GB",
"Volume": "C:"
}
}

TASK [Display Network Adapter Information] *************************************
ok: [claims-tuna2] => {
"msg": {
"MACAddress": "00:21:70:10:C0:0E",
"Name": "Intel(R) 82566DM-2 Gigabit Network Connection",
"Speed": "1000 Mbps"
}
}
ok: [3060mkttun2] => {
"msg": {
"MACAddress": "E4:54:E8:78:38:47",
"Name": "Realtek PCIe GbE Family Controller",
"Speed": "1000 Mbps"
}
}

PLAY RECAP *********************************************************************
11sgdell1                  : ok=0    changed=0    unreachable=1    failed=0    skipped=0    rescued=0    ignored=0   
3060MKTTUN1MELISSA         : ok=0    changed=0    unreachable=1    failed=0    skipped=0    rescued=0    ignored=0   
3060mkttun2                : ok=9   changed=4    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
Carl-home-3040             : ok=0    changed=0    unreachable=1    failed=0    skipped=0    rescued=0    ignored=0   
Dellopt9020pos1            : ok=0    changed=0    unreachable=1    failed=0    skipped=0    rescued=0    ignored=0   
LEN710TUNA2                : ok=1    changed=0    unreachable=1    failed=0    skipped=0    rescued=0    ignored=0   
Len710tuna1                : ok=1    changed=0    unreachable=1    failed=0    skipped=0    rescued=0    ignored=0   
claims-tuna2               : ok=9   changed=4    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
csrtuna13060               : ok=0    changed=0    unreachable=1    failed=0    skipped=0    rescued=0    ignored=0   
dell3070-ashley            : ok=0    changed=0    unreachable=1    failed=0    skipped=0    rescued=0    ignored=0   
dell3070-carlho            : ok=0    changed=0    unreachable=1    failed=0    skipped=0    rescued=0    ignored=0   
hgicl-pc-kamille           : ok=1    changed=0    unreachable=1    failed=0    skipped=0    rescued=0    ignored=0   



BRANCH B RESULTS :(ANSIBLE CONTROL NODE AT BRANCH B AND EXECUTED OVER SAME NETWORK AS HOSTS AT BRANCH B):

mramanan@ansible1:/etc/ansible$ ansible-playbook -i Inventory/sangregrande_invnetory.ini Playbooks/win_ping.yml 

PLAY [Test Windows Host Connectivity] ***************************************************************************************************************

TASK [Ping Windows Hosts] ***************************************************************************************************************************
fatal: [csr4-sg-optiplex]: UNREACHABLE! => {"changed": false, "msg": "certificate: An attempt has been made to operate on an impersonation token by a thread that is not currently impersonating a client.  (extended fault data: {'transport_message': 'Bad HTTP response returned from server. Code 500', 'http_status_code': 500, 'wsmanfault_code': '1309', 'fault_code': 's:Receiver', 'fault_subcode': 'w:InternalError'})", "unreachable": true}
ok: [accounts-3]
ok: [csr3-pc]
ok: [desktop-0q9mqhr]
ok: [kumarsgrande]
ok: [csr2-pc-new]
ok: [supervisor-pc]
ok: [renewals1-opti3]
fatal: [processing1-pc]: UNREACHABLE! => {"changed": false, "msg": "certificate: HTTPSConnectionPool(host='172.16.1.5', port=5986): Max retries exceeded with url: /wsman (Caused by ConnectTimeoutError(<urllib3.connection.HTTPSConnection object at 0x7f8d78f6f310>, 'Connection to 172.16.1.5 timed out. (connect timeout=30)'))", "unreachable": true}
fatal: [sgrandecsr1-new]: UNREACHABLE! => {"changed": false, "msg": "certificate: HTTPSConnectionPool(host='172.16.222.42', port=5986): Max retries exceeded with url: /wsman (Caused by ConnectTimeoutError(<urllib3.connection.HTTPSConnection object at 0x7f8d78f73490>, 'Connection to 172.16.222.42 timed out. (connect timeout=30)'))", "unreachable": true}
ok: [csr4-pc]
fatal: [accounts1]: UNREACHABLE! => {"changed": false, "msg": "certificate: HTTPSConnectionPool(host='172.16.1.4', port=5986): Max retries exceeded with url: /wsman (Caused by ConnectTimeoutError(<urllib3.connection.HTTPSConnection object at 0x7f8d78f87e20>, 'Connection to 172.16.1.4 timed out. (connect timeout=30)'))", "unreachable": true}

PLAY RECAP ******************************************************************************************************************************************
accounts-3                 : ok=1    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
accounts1                  : ok=0    changed=0    unreachable=1    failed=0    skipped=0    rescued=0    ignored=0   
csr2-pc-new                : ok=1    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
csr3-pc                    : ok=1    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
csr4-pc                    : ok=1    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
csr4-sg-optiplex           : ok=0    changed=0    unreachable=1    failed=0    skipped=0    rescued=0    ignored=0   
desktop-0q9mqhr            : ok=1    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
kumarsgrande               : ok=1    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
processing1-pc             : ok=0    changed=0    unreachable=1    failed=0    skipped=0    rescued=0    ignored=0   
renewals1-opti3            : ok=1    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
sgrandecsr1-new            : ok=0    changed=0    unreachable=1    failed=0    skipped=0    rescued=0    ignored=0   
supervisor-pc              : ok=1    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

mramanan@ansible11:/etc/ansible$ ansible-playbook -i Inventory/sangregrande_invnetory.ini Playbooks/hardware_requirements3.yml 

PLAY [Gather Hardware Requirements on Windows Hosts] ************************************************************************************************

TASK [Gathering Facts] ******************************************************************************************************************************
fatal: [csr4-sg-optiplex]: UNREACHABLE! => {"changed": false, "msg": "certificate: An attempt has been made to operate on an impersonation token by a thread that is not currently impersonating a client.  (extended fault data: {'transport_message': 'Bad HTTP response returned from server. Code 500', 'http_status_code': 500, 'wsmanfault_code': '1309', 'fault_code': 's:Receiver', 'fault_subcode': 'w:InternalError'})", "unreachable": true}
fatal: [accounts-3]: UNREACHABLE! => {"changed": false, "msg": "certificate: ", "unreachable": true}
fatal: [csr3-pc]: UNREACHABLE! => {"changed": false, "msg": "certificate: ", "unreachable": true}
fatal: [kumarsgrande]: UNREACHABLE! => {"changed": false, "msg": "certificate: ", "unreachable": true}
fatal: [processing1-pc]: UNREACHABLE! => {"changed": false, "msg": "certificate: HTTPSConnectionPool(host='172.16.1.5', port=5986): Max retries exceeded with url: /wsman (Caused by ConnectTimeoutError(<urllib3.connection.HTTPSConnection object at 0x7ff8130b8730>, 'Connection to 172.16.1.5 timed out. (connect timeout=30)'))", "unreachable": true}
fatal: [sgrandecsr1-new]: UNREACHABLE! => {"changed": false, "msg": "certificate: HTTPSConnectionPool(host='172.16.222.42', port=5986): Max retries exceeded with url: /wsman (Caused by ConnectTimeoutError(<urllib3.connection.HTTPSConnection object at 0x7ff8130b88b0>, 'Connection to 172.16.222.42 timed out. (connect timeout=30)'))", "unreachable": true}
fatal: [desktop-0q9mqhr]: UNREACHABLE! => {"changed": false, "msg": "certificate: ", "unreachable": true}
fatal: [supervisor-pc]: UNREACHABLE! => {"changed": false, "msg": "certificate: ", "unreachable": true}
ok: [csr2-pc-new]
fatal: [renewals1-opti3]: UNREACHABLE! => {"changed": false, "msg": "certificate: ", "unreachable": true}
fatal: [csr4-pc]: UNREACHABLE! => {"changed": false, "msg": "certificate: ", "unreachable": true}
fatal: [accounts1]: UNREACHABLE! => {"changed": false, "msg": "certificate: HTTPSConnectionPool(host='172.16.1.4', port=5986): Max retries exceeded with url: /wsman (Caused by ConnectTimeoutError(<urllib3.connection.HTTPSConnection object at 0x7ff81307de40>, 'Connection to 172.16.1.4 timed out. (connect timeout=30)'))", "unreachable": true}

TASK [Fetch CPU Information] ************************************************************************************************************************
fatal: [csr2-pc-new]: UNREACHABLE! => {"changed": false, "msg": "certificate: ", "unreachable": true}

PLAY RECAP ******************************************************************************************************************************************
accounts-3                 : ok=0    changed=0    unreachable=1    failed=0    skipped=0    rescued=0    ignored=0   
accounts1                  : ok=0    changed=0    unreachable=1    failed=0    skipped=0    rescued=0    ignored=0   
csr2-pc-new                : ok=1    changed=0    unreachable=1    failed=0    skipped=0    rescued=0    ignored=0   
csr3-pc                    : ok=0    changed=0    unreachable=1    failed=0    skipped=0    rescued=0    ignored=0   
csr4-pc                    : ok=0    changed=0    unreachable=1    failed=0    skipped=0    rescued=0    ignored=0   
csr4-sg-optiplex           : ok=0    changed=0    unreachable=1    failed=0    skipped=0    rescued=0    ignored=0   
desktop-0q9mqhr            : ok=0    changed=0    unreachable=1    failed=0    skipped=0    rescued=0    ignored=0   
kumarsgrande               : ok=0    changed=0    unreachable=1    failed=0    skipped=0    rescued=0    ignored=0   
processing1-pc             : ok=0    changed=0    unreachable=1    failed=0    skipped=0    rescued=0    ignored=0   
renewals1-opti3            : ok=0    changed=0    unreachable=1    failed=0    skipped=0    rescued=0    ignored=0   
sgrandecsr1-new            : ok=0    changed=0    unreachable=1    failed=0    skipped=0    rescued=0    ignored=0   
supervisor-pc              : ok=0    changed=0    unreachable=1

This is really going to be hard to troubleshoot the way it is being presented here. I almost guarantee this has nothing to do with hardware requirements on the control node itself… so I wouldn’t rule it out, but you need to reduce the way you are troubleshooting.

Why don’t you reduce to just 1 host on 1 site so we can see what is going on?

Let's look at your branch B, look at the host accounts-3 that works with win_ping, but not with your 2nd playbook (hardware_requirements3.yml).

Provide us two things, the playbook Playbooks/win_ping.yml, I imagine this is super simple, and provide the output of -vvvvv (iirc 5vs is for windows troubleshooting) of running the playbook. Then do the same with hardware_requirements3.yml. The two modules running here are win_ping and setup, and I have a feeling they are connecting different ways for some reason. So the ping test is not helpful here :-/

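Added example (not part of the thread and not code from any poster): a small Python triage script that parses default `ansible-playbook` output like the runs above, groups each UNREACHABLE by the cause in its message, and lists hosts that passed the ping run but dropped out in the follow-up run, which is the narrowing-down this reply asks for. The sample runs are abridged from the Branch B output; the function names are hypothetical.

```python
import json
import re

TASK_RE = re.compile(r"^TASK \[(?P<task>.+?)\] \*+")
HOST_RE = re.compile(r"^(?P<status>ok|changed|fatal): \[(?P<host>[^\]]+)\](?P<rest>.*)$")

def classify(msg):
    """Map an UNREACHABLE message to a coarse cause (categories are this example's own)."""
    detail = msg.split(":", 1)[1].strip() if msg.startswith("certificate:") else msg.strip()
    if not detail:
        return "empty_message"          # no reason reported; needs verbose output
    if "ConnectTimeoutError" in detail:
        return "connect_timeout"        # connection to port 5986 timed out
    if "credentials were rejected" in detail:
        return "credentials_rejected"   # server refused the client certificate
    if "wsmanfault_code" in detail:
        return "wsman_fault"            # WinRM answered with a server-side fault
    return "other"

def parse_run(text):
    """Return {host: {"passed": [task, ...], "failure": (task, cause) or None}}."""
    hosts, task = {}, None
    for line in text.splitlines():
        m = TASK_RE.match(line)
        if m:
            task = m.group("task")
            continue
        m = HOST_RE.match(line)
        if not m:
            continue
        rec = hosts.setdefault(m.group("host"), {"passed": [], "failure": None})
        if m.group("status") != "fatal":
            rec["passed"].append(task)
            continue
        payload = m.group("rest").partition("=> ")[2]
        try:
            msg = json.loads(payload).get("msg", "")
        except json.JSONDecodeError:
            msg = payload               # truncated line: classify the raw text
        rec["failure"] = (task, classify(msg))
    return hosts

def regressions(baseline, followup):
    """Hosts with no failure in the baseline run that are unreachable in the follow-up."""
    return {host: rec["failure"] for host, rec in followup.items()
            if rec["failure"] and host in baseline and baseline[host]["failure"] is None}

# Constructed sample input, abridged from the thread's Branch B output.
PING_RUN = """
TASK [Ping Windows Hosts] ****
fatal: [csr4-sg-optiplex]: UNREACHABLE! => {"changed": false, "msg": "certificate: An attempt has been made to operate on an impersonation token (extended fault data: {'wsmanfault_code': '1309'})", "unreachable": true}
ok: [accounts-3]
ok: [csr2-pc-new]
fatal: [processing1-pc]: UNREACHABLE! => {"changed": false, "msg": "certificate: HTTPSConnectionPool(host='172.16.1.5', port=5986): Max retries exceeded with url: /wsman (Caused by ConnectTimeoutError())", "unreachable": true}
"""
FACTS_RUN = """
TASK [Gathering Facts] ****
fatal: [accounts-3]: UNREACHABLE! => {"changed": false, "msg": "certificate: ", "unreachable": true}
fatal: [processing1-pc]: UNREACHABLE! => {"changed": false, "msg": "certificate: HTTPSConnectionPool(host='172.16.1.5', port=5986): Max retries exceeded with url: /wsman (Caused by ConnectTimeoutError())", "unreachable": true}
ok: [csr2-pc-new]
TASK [Fetch CPU Information] ****
fatal: [csr2-pc-new]: UNREACHABLE! => {"changed": false, "msg": "certificate: ", "unreachable": true}
"""

if __name__ == "__main__":
    found = regressions(parse_run(PING_RUN), parse_run(FACTS_RUN))
    for host, (task, cause) in sorted(found.items()):
        print(f"{host}: ok on ping, then {cause} at '{task}'")
```

Hosts that were already timing out or faulting in the ping run are left out of the result, so what remains is the set worth re-running one at a time with `-vvvvv`.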

Hi and welcome @pcpharmtt!

Adding to what @IPvSean mentions above which will help you troubleshoot, I would also advise you to upgrade Ansible (and ansible-core). From your details

Control Node: Ansible 2.10.8

That version is outdated and at end of life. Both community.windows and ansible.windows collections require ansible-core 2.12 in their latest release as well.

Let us know how it goes!


Hi Guys,
Sorry for the delay. I actually have been trying to replicate this problem but it seems to have solved itself across both branches!
All the nodes that are online are actually responding to my playbook as described in my earlier problem. I have no idea why the problem existed in the first place. I thought it was a matter of network congestion because my follow-ups have been in off-peak business hours, but even in business hours, it works now…
I will continue with my project and if it happens again, I will link to this thread. I have collected verbose (5 vs) output and have kept it privately for the working versions of my win_ping playbook and my hardware requirements playbook from both branches to have a record of how things look when they work! I may need it in the future. Thanks once again guys. It’s worth noting that I have made no changes or updates to Ansible.
