我開始學習Ansible,但文檔不是太有幫助。在域用戶的Windows上使用Ansible
我已經安裝在RHEL控制機,並建立了必要的主機文件和windows.yml。
但是當試圖連接到遠程Windows服務器,以獲得一個乒乓球回來,我得到以下錯誤:
[[email protected] ansible_test]# ansible windows -i hosts -m win_ping
hostname | UNREACHABLE! => {
"changed": false,
"msg": "ssl: the specified credentials were rejected by the server",
"unreachable": true
}
後Installing python-kerberos dependencies,
現在我得到這個錯誤:
hostname | UNREACHABLE! => {
"changed": false,
"msg": "Kerberos auth failure: kinit: KDC reply did not match expectations while getting initial credentials",
"unreachable": true
}
我的windows.yml文件包含:
# it is suggested that these be encrypted with ansible-vault:
# ansible-vault edit group_vars/windows.yml
ansible_ssh_user: [email protected]
ansible_ssh_pass: password
ansible_ssh_port: 5986
ansible_connection: winrm
ansible_winrm_server_cert_validation: ignore
我對的語法做了什麼錯誤域\用戶?也許我忘了在Windows機器上安裝一些東西?我只運行了ConfigureRemotingForAnsible.ps1腳本,並且Python沒有安裝在那裏。
這是我的krb5.conf文件:
[libdefaults]
default_realm = MYDOMAIN.NET
#dns_lookup_realm = true
#dns_lookup_kdc = true
[realms]
MYDOMAIN.NET = {
kdc = dc1.mydomain.net
default_domain = hpeswlab.net
}
[domain_realm]
.mydomain.net = MYDOMAIN.NET
mydomain.net = MYDOMAIN.NET
而且我用得到令牌的kinit:
kinit -C [email protected]
klist
KLIST輸出:
Valid starting Expires Service principal
01/31/2017 11:25:33 01/31/2017 21:25:33 krbtgt/[email protected]
renew until 02/01/2017 11:25:29
您是否瀏覽過:https://github.com/ansible/ansible/issues/16478和https://github.com/ansible/ansible/issues/13416? – techraf
您的RHEL控制器是否符合此處的要求:http://docs.ansible.com/ansible/intro_windows.html#active-directory-support? – Zlemini
是的。我有所有要求 –