我正在尝试在Windows系统的ansible上推出目录,用户和标准软件。为此,我创建了一个角色来为我处理。 现在,我有两个环境:1个具有两个Windows Server 2016 VM的开发环境和1个具有两个Windows 2016 Server VM的QA环境。
角色是相同的,只有vm是其他角色。
当我在开发环境侧执行角色时,一切正常。 Windows系统的所有任务都可以执行。
这是我在开发主机文件中输入的内容:
[dev_win_servers]
dev_win_1 ansible_host=10.40.85.15 ansible_port=443 ansible_connection=winrm ansible_winrm_transport=ntlm ansible_user=Administrator ansible_password='{{ pw_dev_win_1 }}' ansible_winrm_server_cert_validation=ignore
dev_win_2 ansible_host=10.40.85.16 ansible_port=443 ansible_connection=winrm ansible_winrm_transport=ntlm ansible_user=Administrator ansible_password='{{ pw_dev_win_2 }}' ansible_winrm_server_cert_validation=ignore
当我在质量保证系统上执行相同的角色时,出现此错误:
TASK [Gathering Facts] ****************************************************************************************************************************************************************************************************************************************************************************************************************
fatal: [eti_banksystem_ha2_win1]: FAILED! => {"msg": "winrm or requests is not installed: cannot import name certs"}
QA网络上的主机保持安静,只是IP地址和服务器名称不同:
[qa_win_servers]
qa_win_1 ansible_host=10.40.11.100 ansible_port=443 ansible_connection=winrm ansible_winrm_transport=ntlm ansible_user=Administrator ansible_password='{{ pw_qa_win_1 }}' ansible_winrm_server_cert_validation=ignore
qa_win_2 ansible_host=10.40.11.101 ansible_port=443 ansible_connection=winrm ansible_winrm_transport=ntlm ansible_user=Administrator ansible_password='{{ pw_qu_win_2 }}' ansible_winrm_server_cert_validation=ignore
在Windows VM的dev和qa中,我已使用该命令通过443端口上的https配置了一个Winrm侦听器(例如一个主机):
PS C:\Users\Administrator> winrm create winrm/config/Listener? Address=*+Transport=HTTPS '@{Hostname="eti-dcv-ha2-ap3"; CertificateThumbprint="C398C1C5857D5FDAAC791289439CB88FE9
0DE755"; Port="443"}'
该证书是我之前通过以下方式生成的本地生成的自签名证书:
New-SelfSignedCertificate -DnsName "qa_win_2" -CertStoreLocation Cert:\LocalMachine\My
在dev和uat的ansible服务器上,所有通过yum安装的python软件包都是相同的,并且版本相同。我已经检查了是否在两个Ansible服务器上都执行了此操作,并将结果放入文本文件并对其进行了比较:
yum list | grep ^python | awk '{ print $1 }' | sort
pywinrm和请求也都安装在这样的两个系统上
fgi-dcv-depl1 root# yum list | grep winrm
python2-winrm.noarch 0.3.0-1.el7 @epel.xc
fgi-dcv-depl1 root# yum list | grep requests
python-requests.noarch 2.6.0-1.el7_1 @base.xcmonthly
python2-requests_ntlm.noarch 1.1.0-1.el7 @epel.xc
python-requests-kerberos.noarch 0.7.0-2.el7 epel.xc
python-requests-toolbelt.noarch 0.8.0-1.el7 epel.xc
python-txrequests.noarch 0.9.2-3.el7 epel.xc
python2-requests.noarch 2.6.0-0.el7 epel.xc
python2-requests-file.noarch 1.4.3-3.el7 epel.xc
python2-requests-gssapi.noarch 1.0.1-1.el7 epel.xc
python2-requests-mock.noarch 1.5.2-1.el7 epel.xc
python2-requests-oauthlib.noarch 0.8.0-5.el7 base.xcmonthly
python34-requests.noarch 2.12.5-3.el7 epel.xc
python36-requests.noarch 2.12.5-3.el7 epel.xc
fgi-dcv-depl1 root#
并且超过点数:
fgi-dcv-depl1 root# pip2.7 list | grep winrm
pywinrm 0.3.0
fgi-dcv-depl1 root# pip2.7 list | grep requests
requests 2.19.1
requests-ntlm 1.1.0
fgi-dcv-depl1 root#
由于两个系统都在防火墙后面,防火墙将拒绝对Internet的访问,因此我无法通过pip安装任何内容:
fgi-dcv-depl1 root# pip2.7 install --upgrade requests
Retrying (Retry(total=4, connect=None, read=None, redirect=None)) after connection broken by 'NewConnectionError('<pip._vendor.requests.packages.urllib3.connection.VerifiedHTTPSConnection object at 0x7f2a4c9bd6d0>: Failed to establish a new connection: [Errno 101] Network is unreachable',)': /simple/requests/
Retrying (Retry(total=3, connect=None, read=None, redirect=None)) after connection broken by 'NewConnectionError('<pip._vendor.requests.packages.urllib3.connection.VerifiedHTTPSConnection object at 0x7f2a4c9bd810>: Failed to establish a new connection: [Errno 101] Network is unreachable',)': /simple/requests/
^COperation cancelled by user
fgi-dcv-depl1 root#
编辑:我发现了一些更多的想法,可以尝试通过python控制台进行winrm连接。在我的开发系统上:
fgi-dcv-appdeploysrv root# python
Python 2.7.5 (default, Jun 20 2019, 20:27:34)
[GCC 4.8.5 20150623 (Red Hat 4.8.5-36)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import winrm
>>> s=winrm.Session('https://10.40.85.15:443',auth=('administrator','mypw'),transport='ntlm',server_cert_validation='ignore')
>>> r=s.run_cmd('ipconfig')
>>> print r.std_out
Windows IP Configuration
Ethernet adapter Ethernet0:
Connection-specific DNS Suffix . :
IPv4 Address. . . . . . . . . . . : 10.40.85.15
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.40.85.1
>>> quit()
在质量检查系统上,无法导入winrm:
fgi-dcv-depl1 root# python
Python 2.7.5 (default, Jun 20 2019, 20:27:34)
[GCC 4.8.5 20150623 (Red Hat 4.8.5-36)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import winrm
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/lib/python2.7/site-packages/winrm/__init__.py", line 6, in <module>
from winrm.protocol import Protocol
File "/usr/lib/python2.7/site-packages/winrm/protocol.py", line 11, in <module>
from winrm.transport import Transport
File "/usr/lib/python2.7/site-packages/winrm/transport.py", line 15, in <module>
import requests
File "/usr/lib/python2.7/site-packages/requests/__init__.py", line 58, in <module>
from . import utils
File "/usr/lib/python2.7/site-packages/requests/utils.py", line 32, in <module>
from .exceptions import InvalidURL
File "/usr/lib/python2.7/site-packages/requests/exceptions.py", line 10, in <module>
from .packages.urllib3.exceptions import HTTPError as BaseHTTPError
File "/usr/lib/python2.7/site-packages/requests/packages/__init__.py", line 95, in load_module
raise ImportError("No module named '%s'" % (name,))
ImportError: No module named 'requests.packages.urllib3'
>>> quit()
fgi-dcv-depl1 root#
Meybe错误在这里?
有人可以在这里帮助吗?
感谢和问候, 大卫
答案 0 :(得分:0)
好的,python-urllib3似乎有些奇怪。 YUM告诉我,它尚未安装
fgi-dcv-depl1 root# yum install python-urllib3
Loaded plugins: aliases, changelog, fastestmirror, tmprepo, verify, versionlock
Loading mirror speeds from cached hostfile
Resolving Dependencies
--> Running transaction check
---> Package python-urllib3.noarch 0:1.10.2-5.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
=======================================================================================================================================================================================================================================================================================================================================
Package Arch Version Repository Size
=======================================================================================================================================================================================================================================================================================================================================
Installing:
python-urllib3 noarch 1.10.2-5.el7 base.xcmonthly 102 k
Transaction Summary
=======================================================================================================================================================================================================================================================================================================================================
Install 1 Package
Total download size: 102 k
Installed size: 378 k
Is this ok [y/d/N]:
所以我要安装软件包:
Is this ok [y/d/N]: y
Downloading packages:
python-urllib3-1.10.2-5.el7.noarch.rpm | 102 kB 00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : python-urllib3-1.10.2-5.el7.noarch 1/1
Error unpacking rpm package python-urllib3-1.10.2-5.el7.noarch
error: unpacking of archive failed on file /usr/lib/python2.7/site-packages/urllib3/packages/ssl_match_hostname: cpio: rename
Verifying : python-urllib3-1.10.2-5.el7.noarch 1/1
Failed:
python-urllib3.noarch 0:1.10.2-5.el7
Complete!
fgi-dcv-depl1 root#
确定为什么会出错?我查看了/usr/lib/python2.7/site-packages的顶部,发现目录urllib3在那里。我将其移至/ tmp,之后便能够安装python-urllib3软件包,并且一切正常!
答案 1 :(得分:0)
使用:
sudo pip uninstall urllib3
然后尝试:
sudo yum install python-urllib3