Hi Ameya,
To verify if i can reach the server, i used win_ping
-----------------------
xxx.xxx.xxx.xxx | SUCCESS => {
"changed": false,
"ping": "pong"
}
-----------------------
On the windows server side i also checked firewall is opened
[image: Capture.PNG]
Is there any particular firewall i need to open on RHEL7 OS side?
On Wednesday, February 27, 2019 at 12:02:55 PM UTC+8, ameya agashe wrote:
>
> Hi Tran,
>
> Still, think it is Firewall only, can you double check?
>
> Thanks
> Ameya
>
> On Wed, Feb 27, 2019 at 2:49 PM Eric Tan <[email protected] <javascript:>>
> wrote:
>
>> Hi Ameya,
>>
>> Below is the debug information. By the way, the localhost is RHEL7 OS and
>> the ec2 we are trying to winrm is Windows Server 2012.
>> ---------------------------------------------
>>
>> TASK [ec2]
>> *********************************************************************
>> task path: /home/ec2-user/ansible-netenv/hitwin.yml:12
>> Using module file
>> /usr/local/lib/python2.7/site-packages/ansible/modules/cloud/a
>> mazon/ec2.py
>> <localhost> ESTABLISH WINRM CONNECTION FOR USER: Administrator on PORT
>> 5986 TO l ocalhost
>> Using module file
>> /usr/local/lib/python2.7/site-packages/ansible/modules/cloud/a
>> mazon/ec2.py
>> <localhost> ESTABLISH WINRM CONNECTION FOR USER: Administrator on PORT
>> 5986 TO l ocalhost
>> fatal: [xxx.xxx.xxx.xxx]: UNREACHABLE! => {
>> "changed": false,
>> "msg": "ssl: HTTPSConnectionPool(host='localhost', port=5986): Max
>> retries e xceeded with url: /wsman (Caused by
>> NewConnectionError('<urllib3.connection.Veri
>> fiedHTTPSConnection object at 0x7f78dc5213d0>: Failed to establish a new
>> connect ion: [Errno 111] Connection refused',))",
>> "unreachable": true
>> }
>>
>> to retry, use: --limit @/home/ec2-user/ansible-netenv/hitwin.retry
>>
>>
>> ---------------------------------------------
>>
>> On Wednesday, February 27, 2019 at 11:43:45 AM UTC+8, ameya agashe wrote:
>>>
>>> Hi Tan,
>>>
>>> Not aware of the issue you referring about, under normal
>>> circumstances the command I gave should work. Have you tried running
>>> playbook in debug mode to see what is happening under the cover? place
>>> "-vvv" at the last of command line.
>>>
>>> Regards
>>> Ameya Agashe
>>>
>>> On Wed, Feb 27, 2019 at 2:38 PM Eric Tan <[email protected]> wrote:
>>>
>>>> Hi Ameya,
>>>>
>>>> thanks for your response!
>>>> I forgot to add that the firewall is already opened in my issue but it
>>>> still doesnt work.
>>>> I read somewhere that it has to do with the cipher suite that RHEL7 and
>>>> Windows default uses.
>>>>
>>>> Do you have any idea about this?
>>>>
>>>> On Wed, Feb 27, 2019 at 10:51 AM ameya agashe <[email protected]>
>>>> wrote:
>>>>
>>>>> Run below in PowerShell and it should keep you going:
>>>>>
>>>>> netsh advfirewall firewall add rule name="Allow WinRM (Https)" dir=in
>>>>> localport=5986 protocol=tcp action=allow enable=yes
>>>>>
>>>>> Thanks and Regards,
>>>>> Ameya Agashe
>>>>>
>>>>> On Wed, Feb 27, 2019 at 1:38 PM Eric Tan <[email protected]> wrote:
>>>>>
>>>>>> ##### SUMMARY
>>>>>> 1. Using Python 2.7 in RHEL7
>>>>>> 2. Executed powershell script in windows machine
>>>>>> ConfigureRemotingForAnsible.ps1
>>>>>> 3. Configured yml file to the below:
>>>>>>
>>>>>> * name: hit windows test instance
>>>>>> hosts: "tag_class_windows_{{ env }}_{{ ec2_class }}"
>>>>>> vars:
>>>>>> ansible_user: Administrator
>>>>>> ansible_password: {{ password }}
>>>>>> ansible_port: 5986
>>>>>> ansible_connection: winrm
>>>>>> ansible_winrm_server_cert_validation: ignore
>>>>>> ansible_winrm_operation_timeout_sec: 60
>>>>>> ansible_winrm_read_timeout_sec: 70
>>>>>> tasks:
>>>>>>
>>>>>> * ec2:
>>>>>> state: 'absent'
>>>>>> instance_ids: {{ instance_id }}'
>>>>>> ec2_region: '{{ ec2_region }}'
>>>>>> delegate_to: localhost
>>>>>>
>>>>>> Error encountered:
>>>>>> fatal: [xxx.xxx.xxx.xxx]: UNREACHABLE! => {"changed": false, "msg":
>>>>>> "ssl: HTTPSConnectionPool(host='localhost', port=5986): Max retries
>>>>>> exceeded with url: /wsman (Caused by
>>>>>> NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object
>>>>>> at
>>>>>> 0x7fefb0fdf3d0>: Failed to establish a new connection: [Errno 111]
>>>>>> Connection refused',))", "unreachable": true}
>>>>>>
>>>>>> ##### ISSUE TYPE
>>>>>> * Bug Report
>>>>>>
>>>>>> ##### COMPONENT NAME
>>>>>> winrm
>>>>>>
>>>>>> ##### ANSIBLE VERSION
>>>>>> ansible 2.4.3.0
>>>>>>
>>>>>> ##### CONFIGURATION
>>>>>> HOST_KEY_CHECKING(/etc/ansible/ansible.cfg) = False
>>>>>>
>>>>>> ##### OS / ENVIRONMENT
>>>>>> Host: RHEL 7
>>>>>> WinRM to Windows 2012
>>>>>>
>>>>>> ##### STEPS TO REPRODUCE
>>>>>> ansible-playbook -i /etc/ansible/ec2.py hitwin.yml --extra-vars
>>>>>> "ec2_class=appservers env=test"
>>>>>>
>>>>>> * name: hit windows test instance
>>>>>> hosts: "tag_class_windows_{{ env }}_{{ ec2_class }}"
>>>>>> vars:
>>>>>> ansible_user: Administrator
>>>>>> ansible_password: {{ password }}
>>>>>> ansible_port: 5986
>>>>>> ansible_connection: winrm
>>>>>> ansible_winrm_server_cert_validation: ignore
>>>>>> ansible_winrm_operation_timeout_sec: 60
>>>>>> ansible_winrm_read_timeout_sec: 70
>>>>>> tasks:
>>>>>>
>>>>>> * ec2:
>>>>>> state: 'absent'
>>>>>> instance_ids: {{ instance_id }}'
>>>>>> ec2_region: '{{ ec2_region }}'
>>>>>> delegate_to: localhost
>>>>>>
>>>>>> ##### EXPECTED RESULTS
>>>>>> Expected success to win rm and shutdown server
>>>>>>
>>>>>> ##### ACTUAL RESULTS
>>>>>> PLAY [hit windows test instance]
>>>>>> ***********************************************
>>>>>>
>>>>>> TASK [Gathering Facts]
>>>>>> *********************************************************
>>>>>> ok: [xxx.xxx.xxx.xxx]
>>>>>>
>>>>>> TASK [ec2]
>>>>>> *********************************************************************
>>>>>> fatal: [xxx.xxx.xxx.xxx]: UNREACHABLE! => {"changed": false, "msg":
>>>>>> "ssl: HTTPSConnectionPool(host='localhost', port=5986): Max retries
>>>>>> exceeded with url: /wsman (Caused by
>>>>>> NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object
>>>>>> at
>>>>>> 0x7fefb0fdf3d0>: Failed to establish a new connection: [Errno 111]
>>>>>> Connection refused',))", "unreachable": true}
>>>>>>
>>>>>> ```
>>>>>> to retry, use: --limit @/home/ec2-user/ansible-netenv/hitwin.retry
>>>>>> ```
>>>>>> PLAY RECAP
>>>>>> *********************************************************************
>>>>>> xxx.xxx.xxx.xxx : ok=1 changed=0 unreachable=1 failed=0
>>>>>>
>>>>>> --
>>>>>> You received this message because you are subscribed to the Google
>>>>>> Groups "Ansible Project" group.
>>>>>> To unsubscribe from this group and stop receiving emails from it,
>>>>>> send an email to [email protected].
>>>>>> To post to this group, send email to [email protected].
>>>>>> To view this discussion on the web visit
>>>>>> https://groups.google.com/d/msgid/ansible-project/d90a7256-11a0-446f-943f-294356831c05%40googlegroups.com
>>>>>>
>>>>>> <https://groups.google.com/d/msgid/ansible-project/d90a7256-11a0-446f-943f-294356831c05%40googlegroups.com?utm_medium=email&utm_source=footer>
>>>>>> .
>>>>>> For more options, visit https://groups.google.com/d/optout.
>>>>>>
>>>>> --
>>>>> You received this message because you are subscribed to the Google
>>>>> Groups "Ansible Project" group.
>>>>> To unsubscribe from this group and stop receiving emails from it, send
>>>>> an email to [email protected].
>>>>> To post to this group, send email to [email protected].
>>>>> To view this discussion on the web visit
>>>>> https://groups.google.com/d/msgid/ansible-project/CAG9tf-9YD0wdZq2Y%3DbEuBBZSM%2BiYHemSmJ11M_Ux6vMBJ53O6Q%40mail.gmail.com
>>>>>
>>>>> <https://groups.google.com/d/msgid/ansible-project/CAG9tf-9YD0wdZq2Y%3DbEuBBZSM%2BiYHemSmJ11M_Ux6vMBJ53O6Q%40mail.gmail.com?utm_medium=email&utm_source=footer>
>>>>> .
>>>>> For more options, visit https://groups.google.com/d/optout.
>>>>>
>>>>
>>>>
>>>> --
>>>>
>>>> Regards,
>>>>
>>>> *Mr Tan Choa Hong, Eric (Mba)*
>>>> PMP®,CBAP®,CSM®
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> LinkedIn : https://www.linkedin.com/in/er1csg
>>>>
>>>> Email : [email protected]
>>>>
>>>> AboutMe : https://about.me/er1c_sg
>>>>
>>>>
>>>> *The information contained in this email (including all attachments) is
>>>> confidential and may also be privileged. It is intended for the use only
>>>> of
>>>> the addressee(s) named. If you are not the intended recipient, kindly note
>>>> that any dissemination, distribution, publication or copying of this email
>>>> is strictly prohibited. If you have received this email in error, please
>>>> accept our apologies and notify us immediately. Thereafter, kindly delete
>>>> all copies from your system. Although reasonable precautions have been
>>>> taken to ensure the integrity of this email and that it is virus free.*
>>>>
>>>> --
>>>> You received this message because you are subscribed to the Google
>>>> Groups "Ansible Project" group.
>>>> To unsubscribe from this group and stop receiving emails from it, send
>>>> an email to [email protected].
>>>> To post to this group, send email to [email protected].
>>>> To view this discussion on the web visit
>>>> https://groups.google.com/d/msgid/ansible-project/CADeC%2B8bhNZh844Hmmm41-KAgU%2B_WpMiRDBG8jnxHMidYOvn3Rg%40mail.gmail.com
>>>>
>>>> <https://groups.google.com/d/msgid/ansible-project/CADeC%2B8bhNZh844Hmmm41-KAgU%2B_WpMiRDBG8jnxHMidYOvn3Rg%40mail.gmail.com?utm_medium=email&utm_source=footer>
>>>> .
>>>> For more options, visit https://groups.google.com/d/optout.
>>>>
>>> --
>> You received this message because you are subscribed to the Google Groups
>> "Ansible Project" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to [email protected] <javascript:>.
>> To post to this group, send email to [email protected]
>> <javascript:>.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/ansible-project/fd7d8e96-1f66-4efd-a1f1-9e5a90ce8646%40googlegroups.com
>>
>> <https://groups.google.com/d/msgid/ansible-project/fd7d8e96-1f66-4efd-a1f1-9e5a90ce8646%40googlegroups.com?utm_medium=email&utm_source=footer>
>> .
>> For more options, visit https://groups.google.com/d/optout.
>>
>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/5b046865-f4ff-4877-a22a-9b4defa2209b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
