I don't see any reasonable way to do that using my dynamic inventory in this case. I'm going to stick to my patch (above) for now. I hope this is fixed in 2.1 or sooner.
J

On Thursday, March 3, 2016 at 11:31:47 AM UTC-6, Matt Martz wrote:
>
> I recommend reading over https://github.com/ansible/ansible/issues/14710
>
> Per that issue, ansible_winrm_server_cert_validation can *only* be set via
> inventory.
>
> On Thu, Mar 3, 2016 at 11:28 AM, Slim Slam <[email protected]> wrote:
>
>> Hi Matt, I'm using dynamically generated inventory in this case. So, I've
>> used Ansible to generate a Windows instance and then I do this:
>>
>> PLAY [Configure the EC2 instance] **********************************************
>>
>> TASK [setup] *******************************************************************
>> gather_facts: True
>> vars:
>>   ansible_port: 5986
>>   ansible_connection: winrm
>>   ansible_winrm_transport: ssl
>>   ansible_winrm_server_cert_validation: ignore
>> ....
>> ....
>>
>> And I get this outcome:
>>
>> PLAY [Configure the EC2 instance] **********************************************
>>
>> TASK [setup] *******************************************************************
>> <52.36.20.10> ESTABLISH WINRM CONNECTION FOR USER: Administrator on PORT 5986 TO 52.36.20.10
>> <52.36.20.10> WINRM CONNECT: transport=ssl endpoint=https://52.36.20.10:5986/wsman
>> <52.36.20.10> WINRM CONNECTION ERROR: 500 WinRMTransport. [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)
>> Traceback (most recent call last):
>>   File "/usr/local/lib/python2.7/site-packages/ansible/plugins/connection/winrm.py", line 138, in _winrm_connect
>>     protocol.send_message('')
>>   File "/home/ec2-user/.local/lib/python2.7/site-packages/winrm/protocol.py", line 193, in send_message
>>     return self.transport.send_message(message)
>>   File "/home/ec2-user/.local/lib/python2.7/site-packages/winrm/transport.py", line 138, in send_message
>>     raise WinRMTransportError('http', ex.reason)
>> WinRMTransportError: 500 WinRMTransport. [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)
>> fatal: [52.36.20.10]: FAILED! => {"failed": true, "msg": "ssl: 500 WinRMTransport. [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)"}
>>
>> Am I missing something here??
>>
>> -J
>>
>> On Thursday, March 3, 2016 at 10:43:43 AM UTC-6, Matt Martz wrote:
>>>
>>> The appropriate solution to verifying SSL or not in v2 is to put the
>>> following in your inventory:
>>>
>>> ansible_winrm_server_cert_validation=ignore ansible_winrm_transport=ssl
>>>
>>> As for xmltodict, you didn't say why those things didn't work, but a
>>> `pip install -U xmltodict --user python` should have worked. I notice the
>>> thing that did work, indicated that you needed to use `--user`, and the
>>> things that didn't work did not include that flag.
>>>
>>> On Thu, Mar 3, 2016 at 10:38 AM, Slim Slam <[email protected]> wrote:
>>>
>>>> Ansible 2.0.1
>>>>
>>>> Control machine: Latest version of Amazon Linux - CentOS 6 variant
>>>> (has stock Python 2.7.10)
>>>> Target machine: AWS Windows Server 2012R2 (prepared for Ansible)
>>>>
>>>> Two errors occur:
>>>>
>>>> 1. "ImportError: No module named xmltodict"
>>>>
>>>> Solution:
>>>>
>>>> Things that DID NOT WORK:
>>>> pip install xmltodict
>>>> pip install python-xmltodict
>>>> yum install xmltodict
>>>> yum install python-xmltodict
>>>>
>>>> Thing that DID WORK:
>>>> pip install --upgrade pywinrm --user python
>>>>
>>>> 2. "WinRMTransportError: 500 WinRMTransport. [SSL:
>>>> CERTIFICATE_VERIFY_FAILED] certificate verify failed"
>>>>
>>>> Solution:
>>>> There are a few solutions, but I like my solution here:
>>>> https://groups.google.com/d/msg/ansible-project/PNzzvbeT5hY/BwfgLOBIDAAJ
>>>>
>>>> Slightly modified for Amazon Linux:
>>>>
>>>> Edit (or create) the file
>>>> /usr/lib/python2.7/site-packages/sitecustomize.py
>>>> Add this code to the file:
>>>>
>>>> import ssl
>>>>
>>>> try:
>>>>     _create_unverified_https_context = ssl._create_unverified_context
>>>> except AttributeError:
>>>>     # Legacy Python that doesn't verify HTTPS certificates by default
>>>>     pass
>>>> else:
>>>>     # Handle target environment that doesn't support HTTPS verification
>>>>     ssl._create_default_https_context = _create_unverified_https_context
>>>>
>>>> Isn't this supposed to be fixed (or have an option) in Ansible 2 ??
>>>>
>>>> ===
>>>>
>>>
>>> --
>>> Matt Martz
>>> @sivel
>>> sivel.net
>>>
>>
>
> --
> Matt Martz
> @sivel
> sivel.net
>

--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/be624b6f-0b72-471e-9bda-d0fdca99938c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
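
Added example, not part of the original thread and not Ansible project code: the reply above says ansible_winrm_server_cert_validation can only be set via inventory, and a dynamic inventory script can return it per host under `_meta.hostvars`, which limits the override to the listed Windows hosts rather than changing the default HTTPS context for every Python program on that interpreter, as the sitecustomize.py patch does. The host addresses, the `self_signed` flag and the function names are constructed for illustration.

```python
#!/usr/bin/env python
"""Dynamic inventory sketch: per-host WinRM settings via _meta.hostvars."""
import json
import sys

# Constructed sample data; a real script would look these up (e.g. from EC2).
WINDOWS_HOSTS = [
    {"address": "192.0.2.10", "self_signed": True},   # fresh instance, self-signed cert
    {"address": "192.0.2.20", "self_signed": False},  # cert issued by a trusted CA
]


def winrm_vars(host):
    """Connection variables for one Windows host (same keys as in the thread)."""
    return {
        "ansible_port": 5986,
        "ansible_connection": "winrm",
        "ansible_winrm_transport": "ssl",
        # Only hosts known to present a self-signed cert skip validation.
        "ansible_winrm_server_cert_validation":
            "ignore" if host["self_signed"] else "validate",
    }


def build_inventory(hosts):
    """Return the JSON structure Ansible expects from `--list`."""
    return {
        "windows": {"hosts": [h["address"] for h in hosts]},
        "_meta": {"hostvars": {h["address"]: winrm_vars(h) for h in hosts}},
    }


def main(argv):
    inventory = build_inventory(WINDOWS_HOSTS)
    if len(argv) == 2 and argv[1] == "--list":
        print(json.dumps(inventory, indent=2))
    elif len(argv) == 3 and argv[1] == "--host":
        # With _meta present Ansible skips --host calls, but answer them anyway.
        print(json.dumps(inventory["_meta"]["hostvars"].get(argv[2], {})))
    else:
        sys.stderr.write("usage: %s --list | --host <name>\n" % argv[0])
        return 1
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Made executable and passed with `-i`, the script's per-host variables are treated as inventory variables for each listed host.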
