Question

我在使用Ansible在Windows 2008服务器上进行部署时遇到了问题。我有一个jenkins管道，该管道具有Ansible部署阶段，其中我将文件从清单中拖放到目标服务器上。我已经能够在相当多的服务器上成功完成此操作。但是对于某些服务器，我会看到上面的错误消息。

这是jenkins管道的输出

TASK [debug] *******************************************************************
ok: [ch3dw026394.mydomain.com] => {
    "msg": "Hello world!"
}

TASK [Testing connection to windows] *******************************************
fatal: [ch3dw026394.mydomain.com]: UNREACHABLE! => {"changed": false, "msg": "ntlm: ('Connection aborted.', error(104, 'Connection reset by peer'))", "unreachable": true}

以下是用于win_ping的Ansible剧本模块

  #Testing connection with Target
  - debug: 
    msg: "Testing connection to windows {{ inventory_hostname }}"

  - name: Testing connection to windows
    win_ping: null
    any_errors_fatal: true

我对此进行了大量研究，但以下选项均无效

在Windows 2008服务器上关闭UAC。
不起作用一些帖子在线表示发生此错误是因为清单文件确实不包含FQDN，但包含IP。我的库存文件包含FQDN （完全合格的域名）仍然无法正常工作表示应注释vars.yml中的端口号（5986）出，在清单文件中使用主机名：5986。还是做了不起作用
我尝试删除服务器上的侦听器并运行Powershell 脚本以启用WinRM（https://github.com/ansible/ansible/blob/devel/examples/scripts/ConfigureRemotingForAnsible.ps1）。这也没有用。使用
删除了侦听器
```
winrm delete winrm/config/Listener?Address=*+Transport=HTTP
winrm delete winrm/config/Listener?Address=*+Transport=HTTS
```
将WinRM设置为具有基本的Auth = true，还具有AllowUncrypted = true（请参见下文），但仍然无法正常工作。（请注意，我不必在其他Windows 2008服务器中执行任何此操作，并且它运行良好）。
```
winrm set winrm/config/service '@{AllowUnencrypted= "true"}'
Set-Item -Path "WSMan:\localhost\Service\Auth\Basic" -Value $true
```

请帮助我克服此错误。

在此先感谢您的协助！温馨的问候

Answer 1

好吧，对于那些想知道是否固定的人，答案是肯定的，我知道了。但是，我不确定这是否正确。

因此，有关如何解决此错误的方法是解决方法：

该问题归因于TLS 1.2注册表设置。

因此转到注册表编辑器（regedit）并遍历以下内容位置HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SecurityProviders \ SCHANNEL \ Protocols
检查是否存在TLS 1.2条目。如果是，则将其删除。现在尝试再次部署，它应该可以工作！

正如我所说，这是解决方法。如果需要提供TLS 1.2，则需要从Ansible剧本的角度进行更深入的研究。

Answer 2

使用-vvv运行时，我从Ansible获得了详细的堆栈跟踪。每行的openstack:由打包程序添加。

    openstack: TASK [Disable check for non-interactive shells, all shells interactive from now on] ***
    openstack: task path: image-generator/provisioning-scripts/ansible/win_paths.yaml:7
    openstack: Using module file /home/jdanek/.local/share/virtualenvs/image-generator-cHKWQna6/lib/python3.7/site-packages/ansible/modules/windows/win_lineinfile.ps1
    openstack: Pipelining is enabled.
    openstack: <xxx> ESTABLISH WINRM CONNECTION FOR USER: Administrator on PORT 5986 TO xxx
    openstack: EXEC (via pipeline wrapper)
    openstack: The full traceback is:
    openstack: Traceback (most recent call last):
    openstack:   File "/home/jdanek/.local/share/virtualenvs/image-generator-cHKWQna6/lib/python3.7/site-packages/urllib3/connectionpool.py", line 672, in urlopen
    openstack:     chunked=chunked,
    openstack:   File "/home/jdanek/.local/share/virtualenvs/image-generator-cHKWQna6/lib/python3.7/site-packages/urllib3/connectionpool.py", line 421, in _make_request
    openstack:     six.raise_from(e, None)
    openstack:   File "<string>", line 3, in raise_from
    openstack:   File "/home/jdanek/.local/share/virtualenvs/image-generator-cHKWQna6/lib/python3.7/site-packages/urllib3/connectionpool.py", line 416, in _make_request
    openstack:     httplib_response = conn.getresponse()
    openstack:   File "/nix/store/k5rdcbcwwpvj7l9f1yvd5mfggcfz16kk-python3-3.7.5/lib/python3.7/http/client.py", line 1344, in getresponse
    openstack:     response.begin()
    openstack:   File "/nix/store/k5rdcbcwwpvj7l9f1yvd5mfggcfz16kk-python3-3.7.5/lib/python3.7/http/client.py", line 306, in begin
    openstack:     version, status, reason = self._read_status()
    openstack:   File "/nix/store/k5rdcbcwwpvj7l9f1yvd5mfggcfz16kk-python3-3.7.5/lib/python3.7/http/client.py", line 267, in _read_status
    openstack:     line = str(self.fp.readline(_MAXLINE + 1), "iso-8859-1")
    openstack:   File "/nix/store/k5rdcbcwwpvj7l9f1yvd5mfggcfz16kk-python3-3.7.5/lib/python3.7/socket.py", line 589, in readinto
    openstack:     return self._sock.recv_into(b)
    openstack:   File "/nix/store/k5rdcbcwwpvj7l9f1yvd5mfggcfz16kk-python3-3.7.5/lib/python3.7/ssl.py", line 1071, in recv_into
    openstack:     return self.read(nbytes, buffer)
    openstack:   File "/nix/store/k5rdcbcwwpvj7l9f1yvd5mfggcfz16kk-python3-3.7.5/lib/python3.7/ssl.py", line 929, in read
    openstack:     return self._sslobj.read(len, buffer)
    openstack: ConnectionResetError: [Errno 104] Connection reset by peer
    openstack:
    openstack: During handling of the above exception, another exception occurred:
    openstack:
    openstack: Traceback (most recent call last):
    openstack:   File "/home/jdanek/.local/share/virtualenvs/image-generator-cHKWQna6/lib/python3.7/site-packages/requests/adapters.py", line 449, in send
    openstack:     timeout=timeout
    openstack:   File "/home/jdanek/.local/share/virtualenvs/image-generator-cHKWQna6/lib/python3.7/site-packages/urllib3/connectionpool.py", line 720, in urlopen
    openstack:     method, url, error=e, _pool=self, _stacktrace=sys.exc_info()[2]
    openstack:   File "/home/jdanek/.local/share/virtualenvs/image-generator-cHKWQna6/lib/python3.7/site-packages/urllib3/util/retry.py", line 400, in increment
    openstack:     raise six.reraise(type(error), error, _stacktrace)
    openstack:   File "/home/jdanek/.local/share/virtualenvs/image-generator-cHKWQna6/lib/python3.7/site-packages/urllib3/packages/six.py", line 734, in reraise
    openstack:     raise value.with_traceback(tb)
    openstack:   File "/home/jdanek/.local/share/virtualenvs/image-generator-cHKWQna6/lib/python3.7/site-packages/urllib3/connectionpool.py", line 672, in urlopen
    openstack:     chunked=chunked,
    openstack:   File "/home/jdanek/.local/share/virtualenvs/image-generator-cHKWQna6/lib/python3.7/site-packages/urllib3/connectionpool.py", line 421, in _make_request
    openstack:     six.raise_from(e, None)
    openstack:   File "<string>", line 3, in raise_from
    openstack:   File "/home/jdanek/.local/share/virtualenvs/image-generator-cHKWQna6/lib/python3.7/site-packages/urllib3/connectionpool.py", line 416, in _make_request
    openstack:     httplib_response = conn.getresponse()
    openstack:   File "/nix/store/k5rdcbcwwpvj7l9f1yvd5mfggcfz16kk-python3-3.7.5/lib/python3.7/http/client.py", line 1344, in getresponse
    openstack:     response.begin()
    openstack:   File "/nix/store/k5rdcbcwwpvj7l9f1yvd5mfggcfz16kk-python3-3.7.5/lib/python3.7/http/client.py", line 306, in begin
    openstack:     version, status, reason = self._read_status()
    openstack:   File "/nix/store/k5rdcbcwwpvj7l9f1yvd5mfggcfz16kk-python3-3.7.5/lib/python3.7/http/client.py", line 267, in _read_status
    openstack:     line = str(self.fp.readline(_MAXLINE + 1), "iso-8859-1")
    openstack:   File "/nix/store/k5rdcbcwwpvj7l9f1yvd5mfggcfz16kk-python3-3.7.5/lib/python3.7/socket.py", line 589, in readinto
    openstack:     return self._sock.recv_into(b)
    openstack:   File "/nix/store/k5rdcbcwwpvj7l9f1yvd5mfggcfz16kk-python3-3.7.5/lib/python3.7/ssl.py", line 1071, in recv_into
    openstack:     return self.read(nbytes, buffer)
    openstack:   File "/nix/store/k5rdcbcwwpvj7l9f1yvd5mfggcfz16kk-python3-3.7.5/lib/python3.7/ssl.py", line 929, in read
    openstack:     return self._sslobj.read(len, buffer)
    openstack: urllib3.exceptions.ProtocolError: ('Connection aborted.', ConnectionResetError(104, 'Connection reset by peer'))
    openstack:
    openstack: During handling of the above exception, another exception occurred:
    openstack:
    openstack: Traceback (most recent call last):
    openstack:   File "/home/jdanek/.local/share/virtualenvs/image-generator-cHKWQna6/lib/python3.7/site-packages/ansible/executor/task_executor.py", line 146, in run
    openstack:     res = self._execute()
    openstack:   File "/home/jdanek/.local/share/virtualenvs/image-generator-cHKWQna6/lib/python3.7/site-packages/ansible/executor/task_executor.py", line 645, in _execute
    openstack:     result = self._handler.run(task_vars=variables)
    openstack:   File "/home/jdanek/.local/share/virtualenvs/image-generator-cHKWQna6/lib/python3.7/site-packages/ansible/plugins/action/normal.py", line 46, in run
    openstack:     result = merge_hash(result, self._execute_module(task_vars=task_vars, wrap_async=wrap_async))
    openstack:   File "/home/jdanek/.local/share/virtualenvs/image-generator-cHKWQna6/lib/python3.7/site-packages/ansible/plugins/action/__init__.py", line 923, in _execute_module
    openstack:     res = self._low_level_execute_command(cmd, sudoable=sudoable, in_data=in_data)
    openstack:   File "/home/jdanek/.local/share/virtualenvs/image-generator-cHKWQna6/lib/python3.7/site-packages/ansible/plugins/action/__init__.py", line 1071, in _low_level_execute_command
    openstack:     rc, stdout, stderr = self._connection.exec_command(cmd, in_data=in_data, sudoable=sudoable)
    openstack:   File "/home/jdanek/.local/share/virtualenvs/image-generator-cHKWQna6/lib/python3.7/site-packages/ansible/plugins/connection/winrm.py", line 548, in exec_command
    openstack:     result = self._winrm_exec(cmd_parts[0], cmd_parts[1:], from_exec=True, stdin_iterator=stdin_iterator)
    openstack:   File "/home/jdanek/.local/share/virtualenvs/image-generator-cHKWQna6/lib/python3.7/site-packages/ansible/plugins/connection/winrm.py", line 475, in _winrm_exec
    openstack:     resptuple = self.protocol.get_command_output(self.shell_id, command_id)
    openstack:   File "/home/jdanek/.local/share/virtualenvs/image-generator-cHKWQna6/lib/python3.7/site-packages/winrm/protocol.py", line 449, in get_command_output
    openstack:     self._raw_get_command_output(shell_id, command_id)
    openstack:   File "/home/jdanek/.local/share/virtualenvs/image-generator-cHKWQna6/lib/python3.7/site-packages/winrm/protocol.py", line 468, in _raw_get_command_output
    openstack:     res = self.send_message(xmltodict.unparse(req))
    openstack:   File "/home/jdanek/.local/share/virtualenvs/image-generator-cHKWQna6/lib/python3.7/site-packages/winrm/protocol.py", line 243, in send_message
    openstack:     resp = self.transport.send_message(message)
    openstack:   File "/home/jdanek/.local/share/virtualenvs/image-generator-cHKWQna6/lib/python3.7/site-packages/winrm/transport.py", line 323, in send_message
    openstack:     response = self._send_message_request(prepared_request, message)
    openstack:   File "/home/jdanek/.local/share/virtualenvs/image-generator-cHKWQna6/lib/python3.7/site-packages/winrm/transport.py", line 328, in _send_message_request
    openstack:     response = self.session.send(prepared_request, timeout=self.read_timeout_sec)
    openstack:   File "/home/jdanek/.local/share/virtualenvs/image-generator-cHKWQna6/lib/python3.7/site-packages/requests/sessions.py", line 646, in send
    openstack:     r = adapter.send(request, **kwargs)
    openstack:   File "/home/jdanek/.local/share/virtualenvs/image-generator-cHKWQna6/lib/python3.7/site-packages/requests/adapters.py", line 498, in send
    openstack:     raise ConnectionError(err, request=request)
    openstack: requests.exceptions.ConnectionError: ('Connection aborted.', ConnectionResetError(104, 'Connection reset by peer'))
    openstack: fatal: [xxx]: FAILED! => {
    openstack:     "msg": "Unexpected failure during module execution.",
    openstack:     "stdout": ""
    openstack: }

我通过在Ansible命令行中添加以下内容解决了该错误

--extra_vars 'ansible_shell_type=powershell ansible_shell_executable=None'

我添加了ansible_shell_type=powershell，因为Ansible文档说应该存在（值为=powershell或=cmd）。我在某些有Ansible问题的Packer上看到了ansible_shell_executable=None。它可能不会疼。

除了这些，我已经在使用多余的var ansible_winrm_server_cert_validation=ignore。

我发现的其他建议是在新的Python虚拟环境中重新安装ansible，以确保requests软件包是最新的。我没有尝试，因为上面的命令已经可以运行了。

我还尝试了额外的var ansible_winrm_transport=basic和kdestroy-将我的kerberos票证出售给我持有的其他系统。

Answer 3

在尝试Windows 10节点乒乓球时，我遇到了类似的问题：

examplenode | UNREACHABLE! => {
    "changed": false, 
    "msg": "ssl: ('Connection aborted.', error(104, 'Connection reset by peer'))", 
    "unreachable": true

通过-ForceNewSSLCert脚本上的选项ConfigureRemotingforAnsible.ps1帮助重新发行证书。（在目标节点上）

这发生在我的集合中的两个节点上，我注意到两个节点都在Windows 10的1607版本上

（如果有人想查找问题）

Ansible Windows部署-“连接异常中止。”，错误（104，“对等方重置连接”）

3 个答案: