VMware Cloud Community
gbeke
Enthusiast

WINRM configuration to use with Ansible

Hi,

This is not really a vRA question, but I know there are so many knowledgeable people here that I'm hoping someone can help me with my problem. We have vRA 8.6.1, and since VMware decided that you can only connect one AD with one project, we have to look at other options to add servers deployed with vRA to our AD domains. Ansible seems like a good solution, but we are struggling with the connection between the Ansible server, community edition version 2.9.9, and the deployed VMs. We have triple-checked that all necessary ports are open between the Ansible server and the VM.

To configure the VMs we have tried the steps in the Ansible documentation. Using this, deployment from vRA fails with this error: Authentication on Compute resource failed. Either supply the appropriate password/privateKeyFile or set up remoteAccess:authentication. See the Cloud Assembly documentation for examples of how to set up remote authentication on the Compute resource.

We then try to run a simple playbook from the ansible server itself that just displays the winrm configuration on the server. This fails with this error: fatal: [10.204.38.20]: UNREACHABLE! => {"changed": false, "msg": "certificate: HTTPSConnectionPool(host='10.204.38.20', port=5986): Max retries exceeded with url: /wsman (Caused by ConnectTimeoutError(<urllib3.connection.VerifiedHTTPSConnection object at 0x7f87690310b8>, 'Connection to 10.204.38.20 timed out. (connect timeout=30)'))", "unreachable": true}. 

After googling we found a script for configuring winrm for Ansible. When using this script deployment from vRA fails with the same error. If we disable encryption we are able to run the simple playbook previously mentioned from the Ansible server, using basic authentication.

We've been using this blog as inspiration trying to get this to work. The ansible part of our blueprint basically looks like the one on the blog. The main difference is that we have tried with Administrator user.

Are there more steps that need to be done, either on the template or in Ansible, to get this to work?

When deploying from vRA we understand that vRA updates the inventory file and that vRA also creates a host_vars directory where the inventory file is. We see no indication that vRA touches the inventory file, and there is no host_vars directory. We've followed the steps in the vRA documentation to create the Ansible integration using a password, not a key file, but again, are there additional steps that need to be taken to get this to work that are not mentioned in the documentation?

Any help with this will be greatly appreciated. 

 

1 Reply
gbeke
Enthusiast

We discovered today that the Administrator user had no password after deployment. We haven't figured out why that happens, but after we changed the machine component in the cloud template from "cloud agnostic machine" to "vSphere machine" and specified a custom specification, we got Ansible working.

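The combination the first post reports as working (encryption disabled, basic authentication) sends the account password base64-encoded over plain HTTP. The following is an added example, not code from the thread or from VMware or Ansible: a small audit of Ansible's documented WinRM connection variables that flags that combination and two related weak settings. The finding names and the sample hosts are constructed for illustration.

```python
# Added example: audit Ansible WinRM connection variables for weak settings.
# All host entries in SAMPLE_INVENTORY are constructed for illustration.

def effective_scheme(hostvars):
    """Ansible uses https unless ansible_winrm_scheme is set or the port is 5985."""
    scheme = hostvars.get("ansible_winrm_scheme")
    if scheme:
        return str(scheme).lower()
    return "http" if int(hostvars.get("ansible_port", 5986)) == 5985 else "https"

def transports(hostvars):
    """ansible_winrm_transport may be a list or a comma-separated string."""
    raw = hostvars.get("ansible_winrm_transport", [])
    if isinstance(raw, str):
        raw = raw.split(",")
    return [str(t).strip().lower() for t in raw]

def audit_winrm(hostvars):
    """Return a sorted list of finding names for one host's variables."""
    findings = set()
    scheme = effective_scheme(hostvars)
    basic = any(t in ("basic", "plaintext") for t in transports(hostvars))
    encryption = str(hostvars.get("ansible_winrm_message_encryption", "auto")).lower()
    validation = str(hostvars.get("ansible_winrm_server_cert_validation", "validate")).lower()
    if scheme == "http" and basic:
        # Basic auth over HTTP: the password is only base64-encoded on the wire.
        findings.add("cleartext-credentials")
    if scheme == "http" and (basic or encryption == "never"):
        # No TLS and no WinRM message encryption: commands and output are readable.
        findings.add("unencrypted-payload")
    if scheme == "https" and validation == "ignore":
        # TLS without certificate validation does not authenticate the server.
        findings.add("no-cert-validation")
    return sorted(findings)

SAMPLE_INVENTORY = {
    "basic-http": {"ansible_port": 5985, "ansible_winrm_transport": "basic"},
    "ntlm-http-noenc": {"ansible_port": 5985, "ansible_winrm_transport": ["ntlm"],
                        "ansible_winrm_message_encryption": "never"},
    "ntlm-https-ignore": {"ansible_port": 5986, "ansible_winrm_transport": "ntlm",
                          "ansible_winrm_server_cert_validation": "ignore"},
    "kerberos-https": {"ansible_port": 5986, "ansible_winrm_transport": "kerberos",
                       "ansible_winrm_server_cert_validation": "validate"},
}

if __name__ == "__main__":
    for host, hostvars in SAMPLE_INVENTORY.items():
        print(host, audit_winrm(hostvars) or "ok")
```

An empty result means none of the three checks fired; it does not cover the Windows-side listener settings.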