我开始学习 Ansible,但文档并没有太大帮助。
我已经在 RHEL 上安装了控制机并创建了必要的hosts文件和窗口.yml.
但是,当尝试连接到远程 Windows 服务器以取回 pong 时,我收到以下错误:
[root@myd666 ansible_test]# ansible windows -i hosts -m win_ping
hostname | UNREACHABLE! => {
"changed": false,
"msg": "ssl: the specified credentials were rejected by the server",
"unreachable": true
}
After 安装 python-kerberos 依赖项 http://docs.ansible.com/ansible/intro_windows.html#active-directory-support,
我现在得到这个错误:
hostname | UNREACHABLE! => {
"changed": false,
"msg": "Kerberos auth failure: kinit: KDC reply did not match expectations while getting initial credentials",
"unreachable": true
}
My 窗口.yml文件包含:
# it is suggested that these be encrypted with ansible-vault:
# ansible-vault edit group_vars/windows.yml
ansible_ssh_user: [email protected] /cdn-cgi/l/email-protection
ansible_ssh_pass: password
ansible_ssh_port: 5986
ansible_connection: winrm
ansible_winrm_server_cert_validation: ignore
我的语法有什么问题吗域\用户?也许我忘记在 Windows 机器上安装某些东西?我只运行了配置RemotingForAnsible.ps1脚本,并且Python没有安装在那里。
这是我的krb5.conf file:
[libdefaults]
default_realm = MYDOMAIN.NET
#dns_lookup_realm = true
#dns_lookup_kdc = true
[realms]
MYDOMAIN.NET = {
kdc = dc1.mydomain.net
default_domain = hpeswlab.net
}
[domain_realm]
.mydomain.net = MYDOMAIN.NET
mydomain.net = MYDOMAIN.NET
我确实使用 Kinit 获得了一个令牌:
kinit -C [email protected] /cdn-cgi/l/email-protection
klist
克列表输出:
Valid starting Expires Service principal
01/31/2017 11:25:33 01/31/2017 21:25:33 krbtgt/MY[email protected] /cdn-cgi/l/email-protection
renew until 02/01/2017 11:25:29