I am still holding my Ansible Newbie Keys Tight !
Not getting very far with Ansible Tower and Windows. Struggling to even Ping a Windows Server. I’ve configured WinRM service settings, Opened Firewall Port, etc.
FAILED! msg No setting was provided for required configuration plugin type become plugin: runas setting: become_user
win_ping.yml file
Hi Nick,
Here is an example of a working config, note the use of (hosts: all) in the playbook since the inventory will be managed by Tower:
Thanks for replying Michael,
I have made changes as recommended and now getting a different error.
FAILED msg The Powershell shell family is incompatible with the sudo become plugin
Something inside Tower Presumably
Regards,
Nick
Hi again,
You need to configure the credential in Tower and apply it to your template.
In the credential settings you set the become user:
Good luck,
I thought I might just need a become_user option adding…
You can’t become a user without their password.
“msg”: "No setting was provided for required configuration plugin_type: become plugin: runas setting: become_user ",
“_ansible_no_log”: false
So my Windows Inventory Vars is worng ?
Vars
Vars
Management are now asking me, Can Ansible / Ansible Tower Deploy Windows Systems ? When I am still struggling to even ping a Windows server !
I’ve created win2019-tmp and win2022-tmp in VMware, I just need to demonstrate I can create the guest vm using these templates.
I can. We are managing windows systems even on the old awx version 9 through winrm and ad
It can,
We use vcloud director over the top of vmware and we can deploy orgs to vcd, create edge gateways, deploy vm’s input firewall rules and login and configure deployed vm’s once they are deployed.
windows machines are a little more difficult to connect to after a provision that linux servers but if you can get a winrm server up on those servers or an openssh server, you can connect and configure.
We use this module for vcd, https://github.com/vmware/ansible-module-vcloud-director
but you can do it direct to vcenter too, https://docs.ansible.com/ansible/2.6/vmware/scenario_clone_template.html
Not sure my Inventories > Windows > Variables are correct. The ansible user is a domain service account.
Are you connecting through domain or workgroup? It looks like you are connecting through domain credentials through to 5986. From experience this gets finicky. I always use 5985 with domain credentials in conjunction with a krb5.conf file
domain account
Not sure how to create krb5.conf file
Use 5985 with krb5.conf.
If you are using 18.0+ I wrote a blog about it last year. Some variables may have changed but the concept stays the same. Just use new ones listed in awx-operator
Shouldn’t I be using port 5986 ? I’ve created a WinRM HTTPS Listener on 5986
L@@Ks like my ansible service account has not been excluded from DUO
This might be why my code is failing !
Actually thinking about it DUO only affects RDP. It might be a JITA issue ?
