Ansible 和 Windows Server 之间的连接超时

我从 Ansible 开始我的学习，并希望将其应用到我工作的实际情况中。我正在从 Ubuntu 实施 Ansible 来管理 Windows Nano Server 2016。我正在配置使用映射到用户帐户的证书。我在这里建立了本教程https://adamtheautomator.com/winrm-https-ansible/

错误

我使用 win_ping 模块测试了连接，并收到了以下输出：

**ansible windows -vvvv -i hosts -m win_ping**

NanoServer | UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh: OpenSSH_8.2p1 Ubuntu-4ubuntu0.1, OpenSSL 1.1.1f  31 Mar 2020
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
    debug1: /etc/ssh/ssh_config line 21: Applying options for 
    *debug1: auto-mux: Trying existing master
    debug1: Control socket \"/home/woliveira/.ansible/cp/6df2d837bc\" does not exist
    debug2: resolving \"nanoserver\" port 5986
    debug2: ssh_connect_direct
    debug1: Connecting to nanoserver [10.11.39.250] port 5986.
    debug2: fd 3 setting O_NONBLOCK
    debug1: fd 3 clearing O_NONBLOCK
    debug1: Connection established.
    debug3: timeout: 25000 ms remain after connect
    debug1: identity file /home/woliveira/.ssh/id_rsa type -1
    debug1: identity file /home/woliveira/.ssh/id_rsa-cert type -1
    debug1: identity file /home/woliveira/.ssh/id_dsa type -1
    debug1: identity file /home/woliveira/.ssh/id_dsa-cert type -1
    debug1: identity file /home/woliveira/.ssh/id_ecdsa type -1
    debug1: identity file /home/woliveira/.ssh/id_ecdsa-cert type -1
    debug1: identity file /home/woliveira/.ssh/id_ecdsa_sk type -1
    debug1: identity file /home/woliveira/.ssh/id_ecdsa_sk-cert type -1
    debug1: identity file /home/woliveira/.ssh/id_ed25519 type -1
    debug1: identity file /home/woliveira/.ssh/id_ed25519-cert type -1
    debug1: identity file /home/woliveira/.ssh/id_ed25519_sk type -1
    debug1: identity file /home/woliveira/.ssh/id_ed25519_sk-cert type -1
    debug1: identity file /home/woliveira/.ssh/id_xmss type -1
    debug1: identity file /home/woliveira/.ssh/id_xmss-cert type -1
    debug1: Local version string SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.1
    **Connection timed out during banner exchange",
    "unreachable": true**
}

接下来，我尝试增加 ansible 配置文件中的超时时间，我收到对等方重置的连接。

NanoServer | UNREACHABLE! => {
        "changed": false,
        "msg": "Failed to connect to the host via ssh: OpenSSH_8.2p1 Ubuntu-4ubuntu0.1, OpenSSL 1.1.1f  31 Mar 2020
        debug1: Reading configuration data /etc/ssh/ssh_config
        debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
        debug1: /etc/ssh/ssh_config line 21: Applying options for 
        *debug1: auto-mux: Trying existing master
        debug1: Control socket \"/home/woliveira/.ansible/cp/6df2d837bc\" does not exist
        debug2: resolving \"nanoserver\" port 5986
        debug2: ssh_connect_direct
        debug1: Connecting to nanoserver [10.11.39.250] port 5986.
        debug2: fd 3 setting O_NONBLOCK
        debug1: fd 3 clearing O_NONBLOCK
        debug1: Connection established.
        debug3: timeout: 3600000 ms remain after connect
        debug1: identity file /home/woliveira/.ssh/id_rsa type -1
        debug1: identity file /home/woliveira/.ssh/id_rsa-cert type -1
        debug1: identity file /home/woliveira/.ssh/id_dsa type -1
        debug1: identity file /home/woliveira/.ssh/id_dsa-cert type -1
        debug1: identity file /home/woliveira/.ssh/id_ecdsa type -1
        debug1: identity file /home/woliveira/.ssh/id_ecdsa-cert type -1
        debug1: identity file /home/woliveira/.ssh/id_ecdsa_sk type -1
        debug1: identity file /home/woliveira/.ssh/id_ecdsa_sk-cert type -1
        debug1: identity file /home/woliveira/.ssh/id_ed25519 type -1
        debug1: identity file /home/woliveira/.ssh/id_ed25519-cert type -1
        debug1: identity file /home/woliveira/.ssh/id_ed25519_sk type -1
        debug1: identity file /home/woliveira/.ssh/id_ed25519_sk-cert type -1
        debug1: identity file /home/woliveira/.ssh/id_xmss type -1
        debug1: identity file /home/woliveira/.ssh/id_xmss-cert type -1
        debug1: Local version string SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.1
        kex_exchange_identification: read: **Connection reset by peer",
        "unreachable": true**
    }

环境设置。

Ansible 2.9.6 安装在 Ubuntu 20.04.1 LTS虚拟机中

我的 Windows 服务器如下： 操作系统名称：Microsoft Windows Server 2016 标准评估操作系统版本：10.0.14393 N/A Build 14393

两个虚拟机都有静态 IP 并且不在域中。我遵循本教程： https ://vnuggets.com/2019/08/08/ansible-certificate-authentication-to-windows/

我创建了一个名为 ansibleoperator 的 Windows 本地用户，并将该用户添加到 Local Admi Group 中。这是我的 Ansible 主机文件：

[windows]
NanoServer

[windows:vars]
ansible_user=ansibleoperator
ansible_password=*********
ansble_connection=winrm
ansible_winrm_cert_pem=/home/woliveira/cert.pem
ansible_winrm_cert_key_pem=/home/woliveira/cert_key.pem
ansible_port=5986
ansible_winrm_scheme=https
ansible_winrm_server_cert_validation=ignore

Windows 防火墙已禁用 TrustedHosts 已为任何主机配置（值 =*）

我检查过的

如果另一个 Windows 主机能够使用 winrm 连接：PS C:> Test-WSMan -ComputerName "NanoServer" -UseSSL

wsmid           : http://schemas.dmtf.org/wbem/wsman/identity/1/wsmanidentity.xsd
ProtocolVersion : http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd
ProductVendor   : Microsoft Corporation
ProductVersion  : OS: 0.0.0 SP: 0.0 Stack: 3.0

在 Linux 端，我可以使用 Netcat 使用以下命令测试 5986 端口中的连接：

 nc -z -w1 NanoServer 5986;echo $?

输出为 0（命令成功）

我已经尝试从其他 Windows 进行连接，但这次使用 pywinrm 脚本，因为它与 Ansible 使用的库相同。我运行这个脚本：

import winrm

cert_pem = 'C:/Users/woliveira.adm/Desktop/CertificadoAnsible/cert.pem'
cert_key_pem = 'C:/Users/woliveira.adm/Desktop/CertificadoAnsible/cert_key.pem'


session = winrm.Session('NanoServer:5986', auth=('ansibleoperator', '********'),
                        transport='certificate',
                        cert_pem=cert_pem, 
                        cert_key_pem=cert_key_pem,
                        server_cert_validation='ignore',
                        )
session.run_cmd('ipconfig')

并收到这个：

Traceback (most recent call last):

  File "<ipython-input-56-b902c730fb9c>", line 1, in <module>
    runfile('C:/Users/woliveira.adm/Desktop/testewinrm.py', wdir='C:/Users/woliveira.adm/Desktop')

  File "C:\ProgramData\Anaconda3\lib\site-packages\spyder_kernels\customize\spydercustomize.py", line 786, in runfile
    execfile(filename, namespace)

  File "C:\ProgramData\Anaconda3\lib\site-packages\spyder_kernels\customize\spydercustomize.py", line 110, in execfile
    exec(compile(f.read(), filename, 'exec'), namespace)

  File "C:/Users/woliveira.adm/Desktop/testewinrm.py", line 19, in <module>
    session.run_cmd('ipconfig')

  File "C:\ProgramData\Anaconda3\lib\site-packages\winrm\__init__.py", line 39, in run_cmd
    shell_id = self.protocol.open_shell()

  File "C:\ProgramData\Anaconda3\lib\site-packages\winrm\protocol.py", line 166, in open_shell
    res = self.send_message(xmltodict.unparse(req))

  File "C:\ProgramData\Anaconda3\lib\site-packages\winrm\protocol.py", line 243, in send_message
    resp = self.transport.send_message(message)

  File "C:\ProgramData\Anaconda3\lib\site-packages\winrm\transport.py", line 323, in send_message
    response = self._send_message_request(prepared_request, message)

  File "C:\ProgramData\Anaconda3\lib\site-packages\winrm\transport.py", line 328, in _send_message_request
    response = self.session.send(prepared_request, timeout=self.read_timeout_sec)

  File "C:\ProgramData\Anaconda3\lib\site-packages\requests\sessions.py", line 646, in send
    r = adapter.send(request, **kwargs)

  File "C:\ProgramData\Anaconda3\lib\site-packages\requests\adapters.py", line 529, in send
    raise ReadTimeout(e, request=request)

ReadTimeout: HTTPConnectionPool(host='10.11.39.250', port=5986): Read timed out. (read timeout=30)

我不知道如何调试它。我可以检查什么？

对不起我的英语。如果有什么不清楚的地方，请告诉我。