In my company i have a set of CentOS, MAC and Windows machines, i want to use Ansible mainly to deploy packages and scripts (bash, powershell).
I’ve been trying to make it work for my windows machines, i have used the powershell scripts from ansible.com to enable winrm.
But when i test the connection to my windows host i get this error:
TASK: [Run powershell script] *************************************************
fatal: [192.168.0.37] => 500 WinRMTransport. [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:581)
FATAL: all hosts have already failed – aborting
Do you know how to solve this ?
I have installed ansible with pip on a debian machine.
i had to create the files in /etc/ansible
maybe i’ve forgot something ?
tree /etc/ansible/
├── ansible.cfg
├── group_vars
│ └── windows.yml
├── handlers
│ └── httpd.yml
├── hosts
├── playbooks
│ ├── examples
│ ├── run-bash.yml
│ └── run-powershell.yml
├── roles
Sorry for my bad english i’m french
It looks like you're running into this issue:
https://github.com/ansible/ansible/issues/10294
I'm guessing you are running Python 2.7.9+. The current workaround is
using a callback plugin to disable SSL verification; we'll hopefully have a
better fix by v2.
Yes i am running python 2.7.9+ , i did create a folder callback_plugin with fix.ssl in my playbooks directory but i have the same error:
3[root@Debian]:ansible-playbook /etc/ansible/playbooks/run-powershell.yml
PLAY [Run powershell script] **************************************************
TASK: [Run powershell script] *************************************************
fatal: [192.168.0.37] => 500 WinRMTransport. [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:581)
FATAL: all hosts have already failed – aborting
PLAY RECAP ********************************************************************
to retry, use: --limit @/root/run-powershell.retry
192.168.0.37 : ok=0 changed=0 unreachable=1 failed=0
my directory:
/etc/ansible/
├── ansible.cfg
├── group_vars
│ └── windows.yml
├── handlers
│ └── httpd.yml
├── hosts
├── info.txt
├── playbooks
│ ├── callback-plugins
│ │ └── fix-ssl.py
│ ├── examples
│ ├── run-bash.yml
│ └── run-powershell.yml
├── roles
└── test.py
i should see a fix-ssl.pyc in the callbacks-pluins directory if it’s load ?
I did not change anything /usr/local/lib/python2.7/dist-packages/ansible.
Try callback_plugins (with an underscore) instead of callback-plugins.
oops thanks it’s now working with ‘ansible-playbook …’, but not with ‘ansible…’ i tried with
env ANSIBLE_LOAD_CALLBACK_PLUGINS=1 ansible windows -m win_ping
or
ANSIBLE_LOAD_CALLBACK_PLUGINS=1 ansible windows -m win_ping
and i still get the error
192.168.0.37 | FAILED => 500 WinRMTransport. [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:581)
I was also wondering, is there an help command to see all the modules avaible ? because i currently check on
the website.
ansible-doc -l => lists all modules in your ansible installation
I think you may need to change this setting in your ansible.cfg file to get the callback to take effect when using ansible
http://docs.ansible.com/ansible/intro_configuration.html#bin-ansible-callbacks