Hello, I have been chasing issues with trying to get Vagrant Provision (using Ansible) to successfully connect to a Windows Server (or Desktop). I am using Gustav Vargadr’s boxes, which are configured both for WinRM and SSH connectivity. I have noticed that the Ansible Provisioner Plugin has code (perhaps incomplete) to detect WinRM hosts and create the Ansible inventory file, and there is a GitHub issue (over a year old now) discussing a similar problem to what I find, but commentary suggests the Ansible plugin does not support WinRM. The trouble seems to be that most of the Ansible Windows Collections require WinRM connections.
My host is Ubuntu 20.04 LTS running Vagrant v.2.4.1, VirtualBox v7.0.8, and I’m running in a Python v3.9.18 virtualenv with Ansible v2.15.12 and pywinrm v0.5.0. The Vagrantfile I am building contains multiple machines, but currently each machine is provisioned as a singleton. So suppose there is a simple Vagrantfile like so:

    Vagrant.configure("2") do |config|
      config.vm.define "dc1" do |dc1|
        dc1.vm.box = "gusztavvargadr/windows-server-2019-standard"
        dc1.vm.boot_timeout = 600
        # Provision the guest with the Ansible provisioner
        dc1.vm.provision "ansible" do |a|
          a.playbook = "ansible/dc1-pb.yml"
          a.config_file = "ansible/ansible.cfg"
          a.galaxy_role_file = "ansible/requirements.yml"
          a.galaxy_command = "ansible-galaxy install --role-file=%{role_file} --roles-path=%{roles_path} --force-with-deps"
          a.vault_password_file = "ansible/ansible_vault_pass"
        end
      end
    end

Before getting into the provisioning aspect, I want to assert that Vagrant communicates with the machine over SSH and WinRM just fine:

    $ vagrant ssh dc1
    Microsoft Windows [Version 10.0.17763.5458]
    (c) 2018 Microsoft Corporation. All rights reserved.
    vagrant@WIN-GJ84A4NVDOT C:\Users\vagrant> exit

    $ vagrant winrm -c "ping 8.8.8.8" dc1
    Pinging 8.8.8.8 with 32 bytes of data:
    Reply from 8.8.8.8: bytes=32 time=23ms TTL=127
    Reply from 8.8.8.8: bytes=32 time=25ms TTL=127
    Reply from 8.8.8.8: bytes=32 time=24ms TTL=127
    Reply from 8.8.8.8: bytes=32 time=25ms TTL=127
    Ping statistics for 8.8.8.8:
        Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 23ms, Maximum = 25ms, Average = 24ms

On to Vagrant Provisioning… The ansible/requirements.yml file simply contains all of the Windows related Collections. The ansible.cfg file sets the paths for where the collections and roles are deployed and nothing else. Below is a simple playbook:

    ---
    - hosts: all
      become: yes
      gather_facts: true
      vars_files: ./vault.yml
      become_method: runas
      become_user: Administrator
      tasks:
        - name: LOCAL | Set Local Admin Password
          ansible.windows.win_user:
            name: Administrator
            password: "{{ vault_win_admin_pass }}"
            state: present

…And the output of vagrant provision:

    <snip beginning and galaxy downloads>
    dc1: Running ansible-playbook...
    PLAY [all] *********************************************************************
    TASK [Gathering Facts] *********************************************************
    fatal: [dc1]: UNREACHABLE! => {"changed": false, "msg": "ssl: auth method ssl requires a username", "unreachable": true}
    PLAY RECAP *********************************************************************
    dc1 : ok=0 changed=0 unreachable=1 failed=0 skipped=0 rescued=0 ignored=0

Interestingly the Vagrant generated .vagrant/provisioners/ansible/inventory/vagrant_ansible_inventory file appears to have ssh connection details, but sets the connection method to winrm. This seems like a bug, but perhaps someone here knows better…

    # Generated by Vagrant
    dc1 ansible_connection=winrm ansible_ssh_host=127.0.0.1 ansible_ssh_port=55985 ansible_ssh_user='vagrant' ansible_ssh_pass='vagrant'

What can be done to get this provisioning past the connection issue? Is this a bug? Should I file a report on GitHub?
Thanks!
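
A check for the mismatch described in the post, added here as an example and not code from Vagrant, Ansible or the poster: it parses inventory host lines, flags `ansible_ssh_*` variables on hosts whose connection is `winrm`, and prints the line with the renamed variables. It assumes the winrm connection plugin takes `ansible_host`, `ansible_port`, `ansible_user` and `ansible_password` rather than the `ansible_ssh_*` names; the function names are hypothetical.

```python
import shlex

# Assumption: the winrm connection plugin reads the names on the right,
# not the legacy ansible_ssh_* names Vagrant wrote into the inventory.
LEGACY_TO_WINRM = {
    "ansible_ssh_host": "ansible_host",
    "ansible_ssh_port": "ansible_port",
    "ansible_ssh_user": "ansible_user",
    "ansible_ssh_pass": "ansible_password",
}


def parse_host_line(line):
    """Split an INI inventory host line into (hostname, {var: value})."""
    tokens = shlex.split(line, comments=True)  # drops '# ...' comment lines
    if not tokens:
        return None, {}
    host, pairs = tokens[0], tokens[1:]
    return host, dict(p.split("=", 1) for p in pairs if "=" in p)


def check_winrm_vars(line):
    """Return (findings, suggested_line) for one inventory host line."""
    host, hostvars = parse_host_line(line)
    if host is None or hostvars.get("ansible_connection") != "winrm":
        return [], line  # only winrm hosts are checked
    findings, fixed = [], {}
    for key, value in hostvars.items():
        new_key = LEGACY_TO_WINRM.get(key, key)
        if new_key != key:
            findings.append(f"{host}: {key} is an ssh-style name, winrm expects {new_key}")
        fixed[new_key] = value
    if "ansible_user" not in fixed:
        findings.append(f"{host}: no username variable, winrm auth will have no user")
    suggested = " ".join([host] + [f"{k}={shlex.quote(v)}" for k, v in fixed.items()])
    return findings, suggested


# The host line from the generated inventory quoted in the post.
SAMPLE = ("dc1 ansible_connection=winrm ansible_ssh_host=127.0.0.1 "
          "ansible_ssh_port=55985 ansible_ssh_user='vagrant' ansible_ssh_pass='vagrant'")

if __name__ == "__main__":
    findings, suggested = check_winrm_vars(SAMPLE)
    print("\n".join(findings))
    print(suggested)
```
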