未安装 winrm 或请求:无法使用已安装的 pywinrm 导入名称证书

winrm or requests is not installed: cannot import name certs with installed pywinrm

我正在尝试在 windows 系统上通过 ansible 推出目录、用户和标准软件。为此,我创建了一个角色来为我处理这个问题。 现在我有两个环境:1 个开发环境有两个 Windows Server 2016 VM,1 个 QA 环境有两个 Windows 2016 Server VM。

作用是一样的,只是vm的是其他的

当我在开发环境端执行我的角色时,一切正常。可以执行 windows 个系统的所有任务。

这是我在 ansible 开发主机文件中的条目:

[dev_win_servers]
dev_win_1 ansible_host=10.40.85.15 ansible_port=443 ansible_connection=winrm ansible_winrm_transport=ntlm ansible_user=Administrator ansible_password='{{ pw_dev_win_1 }}' ansible_winrm_server_cert_validation=ignore 
dev_win_2 ansible_host=10.40.85.16 ansible_port=443 ansible_connection=winrm ansible_winrm_transport=ntlm ansible_user=Administrator ansible_password='{{ pw_dev_win_2 }}' ansible_winrm_server_cert_validation=ignore

当我在 qa 系统上执行相同的角色时,出现此错误:

TASK [Gathering Facts] ****************************************************************************************************************************************************************************************************************************************************************************************************************
fatal: [eti_banksystem_ha2_win1]: FAILED! => {"msg": "winrm or requests is not installed: cannot import name certs"}

QA 网络上的主机都一样,只是 IP 地址和服务器名称不同:

[qa_win_servers]
qa_win_1 ansible_host=10.40.11.100 ansible_port=443 ansible_connection=winrm ansible_winrm_transport=ntlm ansible_user=Administrator ansible_password='{{ pw_qa_win_1 }}' ansible_winrm_server_cert_validation=ignore
qa_win_2 ansible_host=10.40.11.101 ansible_port=443 ansible_connection=winrm ansible_winrm_transport=ntlm ansible_user=Administrator ansible_password='{{ pw_qu_win_2 }}' ansible_winrm_server_cert_validation=ignore

在 windows VM 的 dev 和 qa 中,我使用该命令(一台主机的示例)通过 https 在端口 443 上配置了一个 winrm 侦听器:

PS C:\Users\Administrator> winrm create winrm/config/Listener? Address=*+Transport=HTTPS '@{Hostname="eti-dcv-ha2-ap3"; CertificateThumbprint="C398C1C5857D5FDAAC791289439CB88FE9
0DE755"; Port="443"}'

该证书是我之前生成的本地生成的自签名证书:

New-SelfSignedCertificate -DnsName "qa_win_2" -CertStoreLocation Cert:\LocalMachine\My

在我的 ansible 服务器上,dev 和 uat 所有 python 通过 yum 安装的软件包都是相同的,并且版本相同。我已经检查过它在两个 ansible 服务器上执行它,将结果放入一个文本文件并对其进行比较:

yum list | grep ^python | awk '{ print  }' | sort

pywinrm 和 requests 也像这样安装在两个系统上

fgi-dcv-depl1 root# yum list | grep winrm
python2-winrm.noarch                  0.3.0-1.el7              @epel.xc         
fgi-dcv-depl1 root# yum list | grep requests
python-requests.noarch                2.6.0-1.el7_1            @base.xcmonthly  
python2-requests_ntlm.noarch          1.1.0-1.el7              @epel.xc         
python-requests-kerberos.noarch       0.7.0-2.el7              epel.xc          
python-requests-toolbelt.noarch       0.8.0-1.el7              epel.xc          
python-txrequests.noarch              0.9.2-3.el7              epel.xc          
python2-requests.noarch               2.6.0-0.el7              epel.xc          
python2-requests-file.noarch          1.4.3-3.el7              epel.xc          
python2-requests-gssapi.noarch        1.0.1-1.el7              epel.xc          
python2-requests-mock.noarch          1.5.2-1.el7              epel.xc          
python2-requests-oauthlib.noarch      0.8.0-5.el7              base.xcmonthly   
python34-requests.noarch              2.12.5-3.el7             epel.xc          
python36-requests.noarch              2.12.5-3.el7             epel.xc          
fgi-dcv-depl1 root#

超过点数:

fgi-dcv-depl1 root# pip2.7 list | grep winrm
pywinrm                          0.3.0    
fgi-dcv-depl1 root# pip2.7 list | grep requests
requests                         2.19.1   
requests-ntlm                    1.1.0    
fgi-dcv-depl1 root# 

由于两个系统都在防火墙后面,防火墙会拒绝访问互联网,因此我无法通过 pip 安装任何东西:

fgi-dcv-depl1 root# pip2.7 install --upgrade requests
Retrying (Retry(total=4, connect=None, read=None, redirect=None)) after connection broken by 'NewConnectionError('<pip._vendor.requests.packages.urllib3.connection.VerifiedHTTPSConnection object at 0x7f2a4c9bd6d0>: Failed to establish a new connection: [Errno 101] Network is unreachable',)': /simple/requests/
Retrying (Retry(total=3, connect=None, read=None, redirect=None)) after connection broken by 'NewConnectionError('<pip._vendor.requests.packages.urllib3.connection.VerifiedHTTPSConnection object at 0x7f2a4c9bd810>: Failed to establish a new connection: [Errno 101] Network is unreachable',)': /simple/requests/
^COperation cancelled by user
fgi-dcv-depl1 root#

编辑:我发现了一些想法,可以通过 python 控制台尝试 winrm 连接。在我的开发系统上:

fgi-dcv-appdeploysrv root# python
Python 2.7.5 (default, Jun 20 2019, 20:27:34) 
[GCC 4.8.5 20150623 (Red Hat 4.8.5-36)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import winrm
>>> s=winrm.Session('https://10.40.85.15:443',auth=('administrator','mypw'),transport='ntlm',server_cert_validation='ignore')
>>> r=s.run_cmd('ipconfig')
>>> print r.std_out

Windows IP Configuration


Ethernet adapter Ethernet0:

   Connection-specific DNS Suffix  . : 
   IPv4 Address. . . . . . . . . . . : 10.40.85.15
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.40.85.1

>>> quit()

在 qa 系统上,winrm 的导入不起作用:

fgi-dcv-depl1 root# python
Python 2.7.5 (default, Jun 20 2019, 20:27:34) 
[GCC 4.8.5 20150623 (Red Hat 4.8.5-36)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import winrm
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib/python2.7/site-packages/winrm/__init__.py", line 6, in <module>
    from winrm.protocol import Protocol
  File "/usr/lib/python2.7/site-packages/winrm/protocol.py", line 11, in <module>
    from winrm.transport import Transport
  File "/usr/lib/python2.7/site-packages/winrm/transport.py", line 15, in <module>
    import requests
  File "/usr/lib/python2.7/site-packages/requests/__init__.py", line 58, in <module>
    from . import utils
  File "/usr/lib/python2.7/site-packages/requests/utils.py", line 32, in <module>
    from .exceptions import InvalidURL
  File "/usr/lib/python2.7/site-packages/requests/exceptions.py", line 10, in <module>
    from .packages.urllib3.exceptions import HTTPError as BaseHTTPError
  File "/usr/lib/python2.7/site-packages/requests/packages/__init__.py", line 95, in load_module
    raise ImportError("No module named '%s'" % (name,))
ImportError: No module named 'requests.packages.urllib3'
>>> quit()
fgi-dcv-depl1 root#

可能是哪里出了问题?

有人可以帮忙吗?

谢谢并致以最诚挚的问候, 大卫

好的,python-urllib3 似乎有些奇怪。 YUM 告诉我,它没有安装

fgi-dcv-depl1 root# yum install python-urllib3
Loaded plugins: aliases, changelog, fastestmirror, tmprepo, verify, versionlock
Loading mirror speeds from cached hostfile
Resolving Dependencies
--> Running transaction check
---> Package python-urllib3.noarch 0:1.10.2-5.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

=======================================================================================================================================================================================================================================================================================================================================
 Package                                                                           Arch                                                                      Version                                                                           Repository                                                                         Size
=======================================================================================================================================================================================================================================================================================================================================
Installing:
 python-urllib3                                                                    noarch                                                                    1.10.2-5.el7                                                                      base.xcmonthly                                                                    102 k

Transaction Summary
=======================================================================================================================================================================================================================================================================================================================================
Install  1 Package

Total download size: 102 k
Installed size: 378 k
Is this ok [y/d/N]:

所以我想安装这个包:

Is this ok [y/d/N]: y
Downloading packages:
python-urllib3-1.10.2-5.el7.noarch.rpm                                                                                                                                                                                                                                                                          | 102 kB  00:00:00     
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : python-urllib3-1.10.2-5.el7.noarch                                                                                                                                                                                                                                                                                  1/1 
Error unpacking rpm package python-urllib3-1.10.2-5.el7.noarch
error: unpacking of archive failed on file /usr/lib/python2.7/site-packages/urllib3/packages/ssl_match_hostname: cpio: rename
  Verifying  : python-urllib3-1.10.2-5.el7.noarch                                                                                                                                                                                                                                                                                  1/1 

Failed:
  python-urllib3.noarch 0:1.10.2-5.el7                                                                                                                                                                                                                                                                                                 

Complete!
fgi-dcv-depl1 root#

好的,为什么会出现这个错误?我查看了 /usr/lib/python2.7/site-packages 并看到目录 urllib3 在那里。我已经将它移动到 /tmp,之后我能够安装 python-urllib3 包并且一切正常!

使用:

sudo pip uninstall urllib3

然后尝试:

sudo yum install python-urllib3