个人中心
文章发布
退出
作者热门文章
- html - 出于某种原因,IE8 对我的 Sass 文件中继承的 html5 CSS 不友好?
- JMeter 在响应断言中使用 span 标签的问题
- html - 在 :hover and :active? 上具有不同效果的 CSS 动画
- html - 相对于居中的 html 内容固定的 CSS 重复背景?
32
4
在尝试通过 Ansible 连接到 Windows VM 时,我遇到了这个问题:
TASK [setup] *******************************************************************
<10.xx.xx.xx> ESTABLISH WINRM CONNECTION FOR USER: winad-admin on PORT 5986 TO 10.xx.xx.xx
fatal: [10.xx.xx.xx]: UNREACHABLE! => {"changed": false, "msg": "ssl: auth method ssl requires a password", "unreachable": true}
---hosts---
[win_servers]
10.xx.xx.xx
[nonprod1_ad_servers:vars]
ansible_user=administrator
ansible_pass=Horse@1234
ansible_port=5986
ansible_connection=winrm
# The following is necessary for Python 2.7.9+ when using default WinRM self-signed certificates:
ansible_winrm_server_cert_validation=ignore
# Configure a Windows host for remote management with Ansible
# -----------------------------------------------------------
#
# This script checks the current WinRM/PSRemoting configuration and makes the
# necessary changes to allow Ansible to connect, authenticate and execute
# PowerShell commands.
#
# Set $VerbosePreference = "Continue" before running the script in order to
# see the output messages.
# Set $SkipNetworkProfileCheck to skip the network profile check. Without
# specifying this the script will only run if the device's interfaces are in
# DOMAIN or PRIVATE zones. Provide this switch if you want to enable winrm on
# a device with an interface in PUBLIC zone.
#
# Set $ForceNewSSLCert if the system has been syspreped and a new SSL Cert
# must be forced on the WinRM Listener when re-running this script. This
# is necessary when a new SID and CN name is created.
Param (
[string]$SubjectName = $env:COMPUTERNAME,
[int]$CertValidityDays = 365,
[switch]$SkipNetworkProfileCheck = $true,
$CreateSelfSignedCert = $true,
[switch]$ForceNewSSLCert = $true,
$VerbosePreference = "Continue"
)
Function New-LegacySelfSignedCert
{
Param (
[string]$SubjectName,
[int]$ValidDays = 365
)
$name = New-Object -COM "X509Enrollment.CX500DistinguishedName.1"
$name.Encode("CN=$SubjectName", 0)
$key = New-Object -COM "X509Enrollment.CX509PrivateKey.1"
$key.ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
$key.KeySpec = 1
$key.Length = 1024
$key.SecurityDescriptor = "D:PAI(A;;0xd01f01ff;;;SY)(A;;0xd01f01ff;;;BA)(A;;0x80120089;;;NS)"
$key.MachineContext = 1
$key.Create()
$serverauthoid = New-Object -COM "X509Enrollment.CObjectId.1"
$serverauthoid.InitializeFromValue("1.3.6.1.5.5.7.3.1")
$ekuoids = New-Object -COM "X509Enrollment.CObjectIds.1"
$ekuoids.Add($serverauthoid)
$ekuext = New-Object -COM "X509Enrollment.CX509ExtensionEnhancedKeyUsage.1"
$ekuext.InitializeEncode($ekuoids)
$cert = New-Object -COM "X509Enrollment.CX509CertificateRequestCertificate.1"
$cert.InitializeFromPrivateKey(2, $key, "")
$cert.Subject = $name
$cert.Issuer = $cert.Subject
$cert.NotBefore = (Get-Date).AddDays(-1)
$cert.NotAfter = $cert.NotBefore.AddDays($ValidDays)
$cert.X509Extensions.Add($ekuext)
$cert.Encode()
$enrollment = New-Object -COM "X509Enrollment.CX509Enrollment.1"
$enrollment.InitializeFromRequest($cert)
$certdata = $enrollment.CreateRequest(0)
$enrollment.InstallResponse(2, $certdata, 0, "")
# Return the thumbprint of the last installed certificate;
# This is needed for the new HTTPS WinRM listerner we're
# going to create further down.
Get-ChildItem "Cert:\LocalMachine\my"| Sort-Object NotBefore -Descending | Select -First 1 | Select -Expand Thumbprint
}
# Setup error handling.
Trap
{
$_
Exit 1
}
$ErrorActionPreference = "Stop"
# Detect PowerShell version.
If ($PSVersionTable.PSVersion.Major -lt 3)
{
Throw "PowerShell version 3 or higher is required."
}
# Find and start the WinRM service.
Write-Verbose "Verifying WinRM service."
If (!(Get-Service "WinRM"))
{
Throw "Unable to find the WinRM service."
}
ElseIf ((Get-Service "WinRM").Status -ne "Running")
{
Write-Verbose "Starting WinRM service."
Start-Service -Name "WinRM" -ErrorAction Stop
}
# WinRM should be running; check that we have a PS session config.
If (!(Get-PSSessionConfiguration -Verbose:$false) -or (!(Get-ChildItem WSMan:\localhost\Listener)))
{
if ($SkipNetworkProfileCheck) {
Write-Verbose "Enabling PS Remoting without checking Network profile."
Enable-PSRemoting -SkipNetworkProfileCheck -Force -ErrorAction Stop
}
else {
Write-Verbose "Enabling PS Remoting"
Enable-PSRemoting -Force -ErrorAction Stop
}
}
Else
{
Write-Verbose "PS Remoting is already enabled."
}
# Make sure there is a SSL listener.
$listeners = Get-ChildItem WSMan:\localhost\Listener
If (!($listeners | Where {$_.Keys -like "TRANSPORT=HTTPS"}))
{
# HTTPS-based endpoint does not exist.
If (Get-Command "New-SelfSignedCertificate" -ErrorAction SilentlyContinue)
{
$cert = New-SelfSignedCertificate -DnsName $SubjectName -CertStoreLocation "Cert:\LocalMachine\My"
$thumbprint = $cert.Thumbprint
Write-Host "Self-signed SSL certificate generated; thumbprint: $thumbprint"
}
Else
{
$thumbprint = New-LegacySelfSignedCert -SubjectName $SubjectName
Write-Host "(Legacy) Self-signed SSL certificate generated; thumbprint: $thumbprint"
}
# Create the hashtables of settings to be used.
$valueset = @{}
$valueset.Add('Hostname', $SubjectName)
$valueset.Add('CertificateThumbprint', $thumbprint)
$selectorset = @{}
$selectorset.Add('Transport', 'HTTPS')
$selectorset.Add('Address', '*')
Write-Verbose "Enabling SSL listener."
New-WSManInstance -ResourceURI 'winrm/config/Listener' -SelectorSet $selectorset -ValueSet $valueset
}
Else
{
Write-Verbose "SSL listener is already active."
# Force a new SSL cert on Listener if the $ForceNewSSLCert
if($ForceNewSSLCert){
# Create the new cert.
If (Get-Command "New-SelfSignedCertificate" -ErrorAction SilentlyContinue)
{
$cert = New-SelfSignedCertificate -DnsName $SubjectName -CertStoreLocation "Cert:\LocalMachine\My"
$thumbprint = $cert.Thumbprint
Write-Host "Self-signed SSL certificate generated; thumbprint: $thumbprint"
}
Else
{
$thumbprint = New-LegacySelfSignedCert -SubjectName $SubjectName
Write-Host "(Legacy) Self-signed SSL certificate generated; thumbprint: $thumbprint"
}
$valueset = @{}
$valueset.Add('Hostname', $SubjectName)
$valueset.Add('CertificateThumbprint', $thumbprint)
# Delete the listener for SSL
$selectorset = @{}
$selectorset.Add('Transport', 'HTTPS')
$selectorset.Add('Address', '*')
Remove-WSManInstance -ResourceURI 'winrm/config/Listener' -SelectorSet $selectorset
# Add new Listener with new SSL cert
New-WSManInstance -ResourceURI 'winrm/config/Listener' -SelectorSet $selectorset -ValueSet $valueset
}
}
# Check for basic authentication.
$basicAuthSetting = Get-ChildItem WSMan:\localhost\Service\Auth | Where {$_.Name -eq "Basic"}
If (($basicAuthSetting.Value) -eq $false)
{
Write-Verbose "Enabling basic auth support."
Set-Item -Path "WSMan:\localhost\Service\Auth\Basic" -Value $true
}
Else
{
Write-Verbose "Basic auth is already enabled."
}
# Configure firewall to allow WinRM HTTPS connections.
$fwtest1 = netsh advfirewall firewall show rule name="Allow WinRM HTTPS"
$fwtest2 = netsh advfirewall firewall show rule name="Allow WinRM HTTPS" profile=any
If ($fwtest1.count -lt 5)
{
Write-Verbose "Adding firewall rule to allow WinRM HTTPS."
netsh advfirewall firewall add rule profile=any name="Allow WinRM HTTPS" dir=in localport=5986 protocol=TCP action=allow
}
ElseIf (($fwtest1.count -ge 5) -and ($fwtest2.count -lt 5))
{
Write-Verbose "Updating firewall rule to allow WinRM HTTPS for any profile."
netsh advfirewall firewall set rule name="Allow WinRM HTTPS" new profile=any
}
Else
{
Write-Verbose "Firewall rule already exists to allow WinRM HTTPS."
}
# Test a remoting connection to localhost, which should work.
$httpResult = Invoke-Command -ComputerName "localhost" -ScriptBlock {$env:COMPUTERNAME} -ErrorVariable httpError -ErrorAction SilentlyContinue
$httpsOptions = New-PSSessionOption -SkipCACheck -SkipCNCheck -SkipRevocationCheck
$httpsResult = New-PSSession -UseSSL -ComputerName "localhost" -SessionOption $httpsOptions -ErrorVariable httpsError -ErrorAction SilentlyContinue
If ($httpResult -and $httpsResult)
{
Write-Verbose "HTTP: Enabled | HTTPS: Enabled"
}
ElseIf ($httpsResult -and !$httpResult)
{
Write-Verbose "HTTP: Disabled | HTTPS: Enabled"
}
ElseIf ($httpResult -and !$httpsResult)
{
Write-Verbose "HTTP: Enabled | HTTPS: Disabled"
}
Else
{
Throw "Unable to establish an HTTP or HTTPS remoting session."
}
Write-Verbose "PS Remoting has been successfully configured for Ansible."
# telnet 10.xx.xx.xx 5986
Trying 10.xx.xx.xx...
Connected to 10.xx.xx.xx.
Escape character is '^]'.
PS C:\Users\winserver> winrm get winrm/config
Config
MaxEnvelopeSizekb = 500
MaxTimeoutms = 60000
MaxBatchItems = 32000
MaxProviderRequests = 4294967295
Client
NetworkDelayms = 5000
URLPrefix = wsman
AllowUnencrypted = false
Auth
Basic = true
Digest = true
Kerberos = true
Negotiate = true
Certificate = true
CredSSP = false
DefaultPorts
HTTP = 5985
HTTPS = 5986
TrustedHosts
Service
RootSDDL = O:NSG:BAD:P(A;;GA;;;BA)(A;;GR;;;IU)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)
MaxConcurrentOperations = 4294967295
MaxConcurrentOperationsPerUser = 1500
EnumerationTimeoutms = 240000
MaxConnections = 300
MaxPacketRetrievalTimeSeconds = 120
AllowUnencrypted = false
Auth
Basic = true
Kerberos = true
Negotiate = true
Certificate = false
CredSSP = false
CbtHardeningLevel = Relaxed
DefaultPorts
HTTP = 5985
HTTPS = 5986
IPv4Filter = *
IPv6Filter = *
EnableCompatibilityHttpListener = false
EnableCompatibilityHttpsListener = false
CertificateThumbprint
AllowRemoteAccess = true
Winrs
AllowRemoteShellAccess = true
IdleTimeout = 7200000
MaxConcurrentUsers = 10
MaxShellRunTime = 2147483647
MaxProcessesPerShell = 25
MaxMemoryPerShellMB = 1024
MaxShellsPerUser = 30
最佳答案
请尝试通过以下方式更改您的库存:
ansible_password=Horse@1234
关于ansible - ssl : auth method ssl requires a password,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/38638896/
32
4
0
主要问题是可以从已保存的 Auth 对象设置零 Auth 对象: let oldAuth = Auth.auth().currentUser let oldAuthId = Auth.auth().c
何时使用 this.afAuth.auth.signInWithCredential 在我的 Ionic 应用程序中一切正常。我可以使用 Google 身份验证登录并将用户个人资料推送到 fireba
我想在启动时使用我的测试用户帐户预加载 firebase auth 模拟器,就像我对 Firestore 模拟器及其导入/导出选项所做的一样。我尝试在模拟器运行时使用 auth:import 和 au
我正在尝试通过创建 Firebase DataService 来 DRY 我的应用程序,但我不知道为 Auth.auth() 转换什么类型。我查看了源代码定义,但它在我不理解的 Objective C
我有一个更新用户个人资料图片的组件:。我有第二个组件检测用户状态的变化:。问题是,在执行updateProfile()之后,没有触发auth.onAuthStateChanged()。因此,我得到了老
我正在使用 Facebook Javascript SDK,并且正在调整我网站的用户登录系统。我想知道 auth.login/auth.logout 和 auth.sessionChange 之间有什
目前,我正在完成Daniel Kehoe的Learn Ruby on Rails教程。练习之一是使用Google的Gmail帐户从“联系人”页面发送联系人表格。 但是,当我发送联系表格时,没有在邮箱中
我在我的应用中使用 Firebase Auth。我更新电子邮件如下: firebaseAuth.currentUser?.updateEmail(email) 电子邮件正在 100% 更新(必要时我也
在我的应用程序中,当我第一次让用户加入时,我会让他们登录并确认这有效,并且他们会获得一个用户 ID。但稍后在我的 Storyboard 中,我调用了 Auth.auth.currentUser.uid
我是编程新手,我正在尝试从 firebase 数据库中读取数据。我从 Firebase 手册中得到这段代码,我想知道术语 uid,AUTH.auth() 在这里是什么意思。它是一个变量吗?我从 fir
已结束。此问题不符合 Stack Overflow guidelines .它目前不接受答案。 我们不允许提出有关书籍、工具、软件库等方面的建议的问题。您可以编辑问题,以便用事实和引用来回答它。 关闭
背景 我构建了一个连接到 Authorize.net 支付网关的电子商务应用程序。管理员可以通过以下方式处理信用卡: 管理员立即从客户的信用卡中扣款的“捕获”交易。 “仅授权”交易,管理员从信用卡中授
我正在使用 dj-rest-auth ( https://dj-rest-auth.readthedocs.io/en/latest/ ) 并尝试实现自定义注册表单。当我尝试注册新用户时,我有基本表单
我们正在使用 Azure Web App Easy Auth,并使用 Web App 作为反向代理,将流量转发到 Angular 应用程序。 角度应用程序使用/.auth/me 并使用 token 并
我有一个 Controller 和一个如下所示的 View ,它在一段时间内工作完美,但是在向服务器发出一些请求后(即每秒重新加载一次),它将在此行失败 if (!$this->tank_auth-
我希望在单个 Web 应用程序中,部分部分使用身份验证,部分部分完全开放(或者更具体地说,不使用基于容器的身份验证)。 使用基于容器的身份验证的应用程序部分位于 URL /而打开的部分位于 URL /
只要我按下按钮调用 signOut 方法,当前 View Controller 就会被关闭。但是,注销过程是成功的。 (我正在使用 FirebaseAuth SDK。) 这是我的代码: @IBActi
对于Firebase iOS,如果我想做用户认证,这3个选择有什么区别吗? FirebaseUI FirebaseUI/授权 Firebase/授权 如果有人可以解释使用“预构建”FirebaseUI
我正在使用 Vue-auth 包来验证我的 vue-cli 应用程序。一切正常,但当我在我的 vue 操作中访问此代码时,它返回 undefined。有什么想法吗? const AuthService
所以我正在使用 Laravel 身份验证,第一次它工作正常,但删除 Auth 文件夹后,我再次运行 php artisan make:auth 但它不会创建另一个 Auth 文件夹。 View 和模型
我是一名优秀的程序员,十分优秀!