python - winrm 或未安装请求:无法使用已安装的 pywinrm 导入名称证书
问题描述
我正在尝试在 Windows 系统上通过 ansible 推出目录、用户和标准软件。为此,我创建了一个角色来为我处理这个问题。现在我有两个环境:1 个带有两个 Windows Server 2016 虚拟机的开发环境和 1 个带有两个 Windows 2016 Server 虚拟机的 QA 环境。
角色是一样的,只有vm是其他的。
当我在开发环境方面执行我的角色时,一切正常。windows系统的所有任务都可以执行。
这是我在 ansible 的 dev 主机文件中的条目:
[dev_win_servers]
dev_win_1 ansible_host=10.40.85.15 ansible_port=443 ansible_connection=winrm ansible_winrm_transport=ntlm ansible_user=Administrator ansible_password='{{ pw_dev_win_1 }}' ansible_winrm_server_cert_validation=ignore
dev_win_2 ansible_host=10.40.85.16 ansible_port=443 ansible_connection=winrm ansible_winrm_transport=ntlm ansible_user=Administrator ansible_password='{{ pw_dev_win_2 }}' ansible_winrm_server_cert_validation=ignore
当我在 qa 系统上执行相同的角色时,我收到此错误:
TASK [Gathering Facts] ****************************************************************************************************************************************************************************************************************************************************************************************************************
fatal: [eti_banksystem_ha2_win1]: FAILED! => {"msg": "winrm or requests is not installed: cannot import name certs"}
QA 网络上的主机都是一样的,只是 IP 地址和服务器名称不同:
[qa_win_servers]
qa_win_1 ansible_host=10.40.11.100 ansible_port=443 ansible_connection=winrm ansible_winrm_transport=ntlm ansible_user=Administrator ansible_password='{{ pw_qa_win_1 }}' ansible_winrm_server_cert_validation=ignore
qa_win_2 ansible_host=10.40.11.101 ansible_port=443 ansible_connection=winrm ansible_winrm_transport=ntlm ansible_user=Administrator ansible_password='{{ pw_qu_win_2 }}' ansible_winrm_server_cert_validation=ignore
在 dev 和 qa 中的 windows VM 上,我使用该命令在端口 443 上的 https 上配置了一个 winrm 侦听器(例如一台主机):
PS C:\Users\Administrator> winrm create winrm/config/Listener? Address=*+Transport=HTTPS '@{Hostname="eti-dcv-ha2-ap3"; CertificateThumbprint="C398C1C5857D5FDAAC791289439CB88FE9
0DE755"; Port="443"}'
该证书是我之前生成的本地生成的自签名证书:
New-SelfSignedCertificate -DnsName "qa_win_2" -CertStoreLocation Cert:\LocalMachine\My
在我的 dev 和 uat 中的 ansible 服务器上,通过 yum 安装的所有 python 包都相同且版本相同。我已经检查过它在两个 ansible 服务器上执行它,将结果放入一个文本文件并对其进行比较:
yum list | grep ^python | awk '{ print $1 }' | sort
pywinrm 和 requests 也安装在这样的两个系统上
fgi-dcv-depl1 root# yum list | grep winrm
python2-winrm.noarch 0.3.0-1.el7 @epel.xc
fgi-dcv-depl1 root# yum list | grep requests
python-requests.noarch 2.6.0-1.el7_1 @base.xcmonthly
python2-requests_ntlm.noarch 1.1.0-1.el7 @epel.xc
python-requests-kerberos.noarch 0.7.0-2.el7 epel.xc
python-requests-toolbelt.noarch 0.8.0-1.el7 epel.xc
python-txrequests.noarch 0.9.2-3.el7 epel.xc
python2-requests.noarch 2.6.0-0.el7 epel.xc
python2-requests-file.noarch 1.4.3-3.el7 epel.xc
python2-requests-gssapi.noarch 1.0.1-1.el7 epel.xc
python2-requests-mock.noarch 1.5.2-1.el7 epel.xc
python2-requests-oauthlib.noarch 0.8.0-5.el7 base.xcmonthly
python34-requests.noarch 2.12.5-3.el7 epel.xc
python36-requests.noarch 2.12.5-3.el7 epel.xc
fgi-dcv-depl1 root#
超过点子:
fgi-dcv-depl1 root# pip2.7 list | grep winrm
pywinrm 0.3.0
fgi-dcv-depl1 root# pip2.7 list | grep requests
requests 2.19.1
requests-ntlm 1.1.0
fgi-dcv-depl1 root#
由于两个系统都在防火墙后面,这将拒绝访问互联网,我无法通过 pip 安装任何东西:
fgi-dcv-depl1 root# pip2.7 install --upgrade requests
Retrying (Retry(total=4, connect=None, read=None, redirect=None)) after connection broken by 'NewConnectionError('<pip._vendor.requests.packages.urllib3.connection.VerifiedHTTPSConnection object at 0x7f2a4c9bd6d0>: Failed to establish a new connection: [Errno 101] Network is unreachable',)': /simple/requests/
Retrying (Retry(total=3, connect=None, read=None, redirect=None)) after connection broken by 'NewConnectionError('<pip._vendor.requests.packages.urllib3.connection.VerifiedHTTPSConnection object at 0x7f2a4c9bd810>: Failed to establish a new connection: [Errno 101] Network is unreachable',)': /simple/requests/
^COperation cancelled by user
fgi-dcv-depl1 root#
编辑:我发现了一些更多的想法来通过 python 控制台尝试 winrm 连接。在我的开发系统上:
fgi-dcv-appdeploysrv root# python
Python 2.7.5 (default, Jun 20 2019, 20:27:34)
[GCC 4.8.5 20150623 (Red Hat 4.8.5-36)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import winrm
>>> s=winrm.Session('https://10.40.85.15:443',auth=('administrator','mypw'),transport='ntlm',server_cert_validation='ignore')
>>> r=s.run_cmd('ipconfig')
>>> print r.std_out
Windows IP Configuration
Ethernet adapter Ethernet0:
Connection-specific DNS Suffix . :
IPv4 Address. . . . . . . . . . . : 10.40.85.15
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.40.85.1
>>> quit()
在 qa 系统上,winrm 的导入不起作用:
fgi-dcv-depl1 root# python
Python 2.7.5 (default, Jun 20 2019, 20:27:34)
[GCC 4.8.5 20150623 (Red Hat 4.8.5-36)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import winrm
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/lib/python2.7/site-packages/winrm/__init__.py", line 6, in <module>
from winrm.protocol import Protocol
File "/usr/lib/python2.7/site-packages/winrm/protocol.py", line 11, in <module>
from winrm.transport import Transport
File "/usr/lib/python2.7/site-packages/winrm/transport.py", line 15, in <module>
import requests
File "/usr/lib/python2.7/site-packages/requests/__init__.py", line 58, in <module>
from . import utils
File "/usr/lib/python2.7/site-packages/requests/utils.py", line 32, in <module>
from .exceptions import InvalidURL
File "/usr/lib/python2.7/site-packages/requests/exceptions.py", line 10, in <module>
from .packages.urllib3.exceptions import HTTPError as BaseHTTPError
File "/usr/lib/python2.7/site-packages/requests/packages/__init__.py", line 95, in load_module
raise ImportError("No module named '%s'" % (name,))
ImportError: No module named 'requests.packages.urllib3'
>>> quit()
fgi-dcv-depl1 root#
Meybe错误在这里的某个地方?
有谁能在这里帮忙吗?
谢谢和最好的问候,大卫
解决方案
好的,python-urllib3 似乎有些奇怪。YUM 告诉我,它没有安装
fgi-dcv-depl1 root# yum install python-urllib3
Loaded plugins: aliases, changelog, fastestmirror, tmprepo, verify, versionlock
Loading mirror speeds from cached hostfile
Resolving Dependencies
--> Running transaction check
---> Package python-urllib3.noarch 0:1.10.2-5.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
=======================================================================================================================================================================================================================================================================================================================================
Package Arch Version Repository Size
=======================================================================================================================================================================================================================================================================================================================================
Installing:
python-urllib3 noarch 1.10.2-5.el7 base.xcmonthly 102 k
Transaction Summary
=======================================================================================================================================================================================================================================================================================================================================
Install 1 Package
Total download size: 102 k
Installed size: 378 k
Is this ok [y/d/N]:
所以我想安装这个包:
Is this ok [y/d/N]: y
Downloading packages:
python-urllib3-1.10.2-5.el7.noarch.rpm | 102 kB 00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : python-urllib3-1.10.2-5.el7.noarch 1/1
Error unpacking rpm package python-urllib3-1.10.2-5.el7.noarch
error: unpacking of archive failed on file /usr/lib/python2.7/site-packages/urllib3/packages/ssl_match_hostname: cpio: rename
Verifying : python-urllib3-1.10.2-5.el7.noarch 1/1
Failed:
python-urllib3.noarch 0:1.10.2-5.el7
Complete!
fgi-dcv-depl1 root#
好的,为什么会出现这个错误?我查看了顶部 /usr/lib/python2.7/site-packages 并看到目录 urllib3 在那里。我已将其移至 /tmp,之后我能够安装 python-urllib3 包并且一切正常!
推荐阅读
- c# - 度数计算不准确
- go - 如何使用 go colly 在页面上获取多个元素
- docker - 当我卷曲 Kubernetes Tomcat 服务时出现 404
- mongodb - Mongodb 聚合 $gt 返回不匹配的记录
- r - 如何延长线以接触多边形?
- java - 如何在多个 JVM 上实现同步
- android - Android Studio - Gradle 同步失败
- linux - 从现有 SD 卡创建可启动映像(以便 Mender 能够转换它)
- woocommerce - Woocommerce Hook 上的语法错误(T_ENCAPSED_AND_WHITESPACE)
- delphi - 我在使用 urldecode 方法时遇到错误