未安装 winrm 或请求:无法使用已安装的 pywinrm 导入名称证书
winrm or requests is not installed: cannot import name certs with installed pywinrm
我正在尝试在 windows 系统上通过 ansible 推出目录、用户和标准软件。为此,我创建了一个角色来为我处理这个问题。
现在我有两个环境:1 个开发环境有两个 Windows Server 2016 VM,1 个 QA 环境有两个 Windows 2016 Server VM。
作用是一样的,只是vm的是其他的
当我在开发环境端执行我的角色时,一切正常。可以执行 windows 个系统的所有任务。
这是我在 ansible 开发主机文件中的条目:
[dev_win_servers]
dev_win_1 ansible_host=10.40.85.15 ansible_port=443 ansible_connection=winrm ansible_winrm_transport=ntlm ansible_user=Administrator ansible_password='{{ pw_dev_win_1 }}' ansible_winrm_server_cert_validation=ignore
dev_win_2 ansible_host=10.40.85.16 ansible_port=443 ansible_connection=winrm ansible_winrm_transport=ntlm ansible_user=Administrator ansible_password='{{ pw_dev_win_2 }}' ansible_winrm_server_cert_validation=ignore
当我在 qa 系统上执行相同的角色时,出现此错误:
TASK [Gathering Facts] ****************************************************************************************************************************************************************************************************************************************************************************************************************
fatal: [eti_banksystem_ha2_win1]: FAILED! => {"msg": "winrm or requests is not installed: cannot import name certs"}
QA 网络上的主机都一样,只是 IP 地址和服务器名称不同:
[qa_win_servers]
qa_win_1 ansible_host=10.40.11.100 ansible_port=443 ansible_connection=winrm ansible_winrm_transport=ntlm ansible_user=Administrator ansible_password='{{ pw_qa_win_1 }}' ansible_winrm_server_cert_validation=ignore
qa_win_2 ansible_host=10.40.11.101 ansible_port=443 ansible_connection=winrm ansible_winrm_transport=ntlm ansible_user=Administrator ansible_password='{{ pw_qu_win_2 }}' ansible_winrm_server_cert_validation=ignore
在 windows VM 的 dev 和 qa 中,我使用该命令(一台主机的示例)通过 https 在端口 443 上配置了一个 winrm 侦听器:
PS C:\Users\Administrator> winrm create winrm/config/Listener? Address=*+Transport=HTTPS '@{Hostname="eti-dcv-ha2-ap3"; CertificateThumbprint="C398C1C5857D5FDAAC791289439CB88FE9
0DE755"; Port="443"}'
该证书是我之前生成的本地生成的自签名证书:
New-SelfSignedCertificate -DnsName "qa_win_2" -CertStoreLocation Cert:\LocalMachine\My
在我的 ansible 服务器上,dev 和 uat 所有 python 通过 yum 安装的软件包都是相同的,并且版本相同。我已经检查过它在两个 ansible 服务器上执行它,将结果放入一个文本文件并对其进行比较:
yum list | grep ^python | awk '{ print }' | sort
pywinrm 和 requests 也像这样安装在两个系统上
fgi-dcv-depl1 root# yum list | grep winrm
python2-winrm.noarch 0.3.0-1.el7 @epel.xc
fgi-dcv-depl1 root# yum list | grep requests
python-requests.noarch 2.6.0-1.el7_1 @base.xcmonthly
python2-requests_ntlm.noarch 1.1.0-1.el7 @epel.xc
python-requests-kerberos.noarch 0.7.0-2.el7 epel.xc
python-requests-toolbelt.noarch 0.8.0-1.el7 epel.xc
python-txrequests.noarch 0.9.2-3.el7 epel.xc
python2-requests.noarch 2.6.0-0.el7 epel.xc
python2-requests-file.noarch 1.4.3-3.el7 epel.xc
python2-requests-gssapi.noarch 1.0.1-1.el7 epel.xc
python2-requests-mock.noarch 1.5.2-1.el7 epel.xc
python2-requests-oauthlib.noarch 0.8.0-5.el7 base.xcmonthly
python34-requests.noarch 2.12.5-3.el7 epel.xc
python36-requests.noarch 2.12.5-3.el7 epel.xc
fgi-dcv-depl1 root#
超过点数:
fgi-dcv-depl1 root# pip2.7 list | grep winrm
pywinrm 0.3.0
fgi-dcv-depl1 root# pip2.7 list | grep requests
requests 2.19.1
requests-ntlm 1.1.0
fgi-dcv-depl1 root#
由于两个系统都在防火墙后面,防火墙会拒绝访问互联网,因此我无法通过 pip 安装任何东西:
fgi-dcv-depl1 root# pip2.7 install --upgrade requests
Retrying (Retry(total=4, connect=None, read=None, redirect=None)) after connection broken by 'NewConnectionError('<pip._vendor.requests.packages.urllib3.connection.VerifiedHTTPSConnection object at 0x7f2a4c9bd6d0>: Failed to establish a new connection: [Errno 101] Network is unreachable',)': /simple/requests/
Retrying (Retry(total=3, connect=None, read=None, redirect=None)) after connection broken by 'NewConnectionError('<pip._vendor.requests.packages.urllib3.connection.VerifiedHTTPSConnection object at 0x7f2a4c9bd810>: Failed to establish a new connection: [Errno 101] Network is unreachable',)': /simple/requests/
^COperation cancelled by user
fgi-dcv-depl1 root#
编辑:我发现了一些想法,可以通过 python 控制台尝试 winrm 连接。在我的开发系统上:
fgi-dcv-appdeploysrv root# python
Python 2.7.5 (default, Jun 20 2019, 20:27:34)
[GCC 4.8.5 20150623 (Red Hat 4.8.5-36)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import winrm
>>> s=winrm.Session('https://10.40.85.15:443',auth=('administrator','mypw'),transport='ntlm',server_cert_validation='ignore')
>>> r=s.run_cmd('ipconfig')
>>> print r.std_out
Windows IP Configuration
Ethernet adapter Ethernet0:
Connection-specific DNS Suffix . :
IPv4 Address. . . . . . . . . . . : 10.40.85.15
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.40.85.1
>>> quit()
在 qa 系统上,winrm 的导入不起作用:
fgi-dcv-depl1 root# python
Python 2.7.5 (default, Jun 20 2019, 20:27:34)
[GCC 4.8.5 20150623 (Red Hat 4.8.5-36)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import winrm
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/lib/python2.7/site-packages/winrm/__init__.py", line 6, in <module>
from winrm.protocol import Protocol
File "/usr/lib/python2.7/site-packages/winrm/protocol.py", line 11, in <module>
from winrm.transport import Transport
File "/usr/lib/python2.7/site-packages/winrm/transport.py", line 15, in <module>
import requests
File "/usr/lib/python2.7/site-packages/requests/__init__.py", line 58, in <module>
from . import utils
File "/usr/lib/python2.7/site-packages/requests/utils.py", line 32, in <module>
from .exceptions import InvalidURL
File "/usr/lib/python2.7/site-packages/requests/exceptions.py", line 10, in <module>
from .packages.urllib3.exceptions import HTTPError as BaseHTTPError
File "/usr/lib/python2.7/site-packages/requests/packages/__init__.py", line 95, in load_module
raise ImportError("No module named '%s'" % (name,))
ImportError: No module named 'requests.packages.urllib3'
>>> quit()
fgi-dcv-depl1 root#
可能是哪里出了问题?
有人可以帮忙吗?
谢谢并致以最诚挚的问候,
大卫
好的,python-urllib3 似乎有些奇怪。 YUM 告诉我,它没有安装
fgi-dcv-depl1 root# yum install python-urllib3
Loaded plugins: aliases, changelog, fastestmirror, tmprepo, verify, versionlock
Loading mirror speeds from cached hostfile
Resolving Dependencies
--> Running transaction check
---> Package python-urllib3.noarch 0:1.10.2-5.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
=======================================================================================================================================================================================================================================================================================================================================
Package Arch Version Repository Size
=======================================================================================================================================================================================================================================================================================================================================
Installing:
python-urllib3 noarch 1.10.2-5.el7 base.xcmonthly 102 k
Transaction Summary
=======================================================================================================================================================================================================================================================================================================================================
Install 1 Package
Total download size: 102 k
Installed size: 378 k
Is this ok [y/d/N]:
所以我想安装这个包:
Is this ok [y/d/N]: y
Downloading packages:
python-urllib3-1.10.2-5.el7.noarch.rpm | 102 kB 00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : python-urllib3-1.10.2-5.el7.noarch 1/1
Error unpacking rpm package python-urllib3-1.10.2-5.el7.noarch
error: unpacking of archive failed on file /usr/lib/python2.7/site-packages/urllib3/packages/ssl_match_hostname: cpio: rename
Verifying : python-urllib3-1.10.2-5.el7.noarch 1/1
Failed:
python-urllib3.noarch 0:1.10.2-5.el7
Complete!
fgi-dcv-depl1 root#
好的,为什么会出现这个错误?我查看了 /usr/lib/python2.7/site-packages 并看到目录 urllib3 在那里。我已经将它移动到 /tmp,之后我能够安装 python-urllib3 包并且一切正常!
使用:
sudo pip uninstall urllib3
然后尝试:
sudo yum install python-urllib3
我正在尝试在 windows 系统上通过 ansible 推出目录、用户和标准软件。为此,我创建了一个角色来为我处理这个问题。 现在我有两个环境:1 个开发环境有两个 Windows Server 2016 VM,1 个 QA 环境有两个 Windows 2016 Server VM。
作用是一样的,只是vm的是其他的
当我在开发环境端执行我的角色时,一切正常。可以执行 windows 个系统的所有任务。
这是我在 ansible 开发主机文件中的条目:
[dev_win_servers]
dev_win_1 ansible_host=10.40.85.15 ansible_port=443 ansible_connection=winrm ansible_winrm_transport=ntlm ansible_user=Administrator ansible_password='{{ pw_dev_win_1 }}' ansible_winrm_server_cert_validation=ignore
dev_win_2 ansible_host=10.40.85.16 ansible_port=443 ansible_connection=winrm ansible_winrm_transport=ntlm ansible_user=Administrator ansible_password='{{ pw_dev_win_2 }}' ansible_winrm_server_cert_validation=ignore
当我在 qa 系统上执行相同的角色时,出现此错误:
TASK [Gathering Facts] ****************************************************************************************************************************************************************************************************************************************************************************************************************
fatal: [eti_banksystem_ha2_win1]: FAILED! => {"msg": "winrm or requests is not installed: cannot import name certs"}
QA 网络上的主机都一样,只是 IP 地址和服务器名称不同:
[qa_win_servers]
qa_win_1 ansible_host=10.40.11.100 ansible_port=443 ansible_connection=winrm ansible_winrm_transport=ntlm ansible_user=Administrator ansible_password='{{ pw_qa_win_1 }}' ansible_winrm_server_cert_validation=ignore
qa_win_2 ansible_host=10.40.11.101 ansible_port=443 ansible_connection=winrm ansible_winrm_transport=ntlm ansible_user=Administrator ansible_password='{{ pw_qu_win_2 }}' ansible_winrm_server_cert_validation=ignore
在 windows VM 的 dev 和 qa 中,我使用该命令(一台主机的示例)通过 https 在端口 443 上配置了一个 winrm 侦听器:
PS C:\Users\Administrator> winrm create winrm/config/Listener? Address=*+Transport=HTTPS '@{Hostname="eti-dcv-ha2-ap3"; CertificateThumbprint="C398C1C5857D5FDAAC791289439CB88FE9
0DE755"; Port="443"}'
该证书是我之前生成的本地生成的自签名证书:
New-SelfSignedCertificate -DnsName "qa_win_2" -CertStoreLocation Cert:\LocalMachine\My
在我的 ansible 服务器上,dev 和 uat 所有 python 通过 yum 安装的软件包都是相同的,并且版本相同。我已经检查过它在两个 ansible 服务器上执行它,将结果放入一个文本文件并对其进行比较:
yum list | grep ^python | awk '{ print }' | sort
pywinrm 和 requests 也像这样安装在两个系统上
fgi-dcv-depl1 root# yum list | grep winrm
python2-winrm.noarch 0.3.0-1.el7 @epel.xc
fgi-dcv-depl1 root# yum list | grep requests
python-requests.noarch 2.6.0-1.el7_1 @base.xcmonthly
python2-requests_ntlm.noarch 1.1.0-1.el7 @epel.xc
python-requests-kerberos.noarch 0.7.0-2.el7 epel.xc
python-requests-toolbelt.noarch 0.8.0-1.el7 epel.xc
python-txrequests.noarch 0.9.2-3.el7 epel.xc
python2-requests.noarch 2.6.0-0.el7 epel.xc
python2-requests-file.noarch 1.4.3-3.el7 epel.xc
python2-requests-gssapi.noarch 1.0.1-1.el7 epel.xc
python2-requests-mock.noarch 1.5.2-1.el7 epel.xc
python2-requests-oauthlib.noarch 0.8.0-5.el7 base.xcmonthly
python34-requests.noarch 2.12.5-3.el7 epel.xc
python36-requests.noarch 2.12.5-3.el7 epel.xc
fgi-dcv-depl1 root#
超过点数:
fgi-dcv-depl1 root# pip2.7 list | grep winrm
pywinrm 0.3.0
fgi-dcv-depl1 root# pip2.7 list | grep requests
requests 2.19.1
requests-ntlm 1.1.0
fgi-dcv-depl1 root#
由于两个系统都在防火墙后面,防火墙会拒绝访问互联网,因此我无法通过 pip 安装任何东西:
fgi-dcv-depl1 root# pip2.7 install --upgrade requests
Retrying (Retry(total=4, connect=None, read=None, redirect=None)) after connection broken by 'NewConnectionError('<pip._vendor.requests.packages.urllib3.connection.VerifiedHTTPSConnection object at 0x7f2a4c9bd6d0>: Failed to establish a new connection: [Errno 101] Network is unreachable',)': /simple/requests/
Retrying (Retry(total=3, connect=None, read=None, redirect=None)) after connection broken by 'NewConnectionError('<pip._vendor.requests.packages.urllib3.connection.VerifiedHTTPSConnection object at 0x7f2a4c9bd810>: Failed to establish a new connection: [Errno 101] Network is unreachable',)': /simple/requests/
^COperation cancelled by user
fgi-dcv-depl1 root#
编辑:我发现了一些想法,可以通过 python 控制台尝试 winrm 连接。在我的开发系统上:
fgi-dcv-appdeploysrv root# python
Python 2.7.5 (default, Jun 20 2019, 20:27:34)
[GCC 4.8.5 20150623 (Red Hat 4.8.5-36)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import winrm
>>> s=winrm.Session('https://10.40.85.15:443',auth=('administrator','mypw'),transport='ntlm',server_cert_validation='ignore')
>>> r=s.run_cmd('ipconfig')
>>> print r.std_out
Windows IP Configuration
Ethernet adapter Ethernet0:
Connection-specific DNS Suffix . :
IPv4 Address. . . . . . . . . . . : 10.40.85.15
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.40.85.1
>>> quit()
在 qa 系统上,winrm 的导入不起作用:
fgi-dcv-depl1 root# python
Python 2.7.5 (default, Jun 20 2019, 20:27:34)
[GCC 4.8.5 20150623 (Red Hat 4.8.5-36)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import winrm
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/lib/python2.7/site-packages/winrm/__init__.py", line 6, in <module>
from winrm.protocol import Protocol
File "/usr/lib/python2.7/site-packages/winrm/protocol.py", line 11, in <module>
from winrm.transport import Transport
File "/usr/lib/python2.7/site-packages/winrm/transport.py", line 15, in <module>
import requests
File "/usr/lib/python2.7/site-packages/requests/__init__.py", line 58, in <module>
from . import utils
File "/usr/lib/python2.7/site-packages/requests/utils.py", line 32, in <module>
from .exceptions import InvalidURL
File "/usr/lib/python2.7/site-packages/requests/exceptions.py", line 10, in <module>
from .packages.urllib3.exceptions import HTTPError as BaseHTTPError
File "/usr/lib/python2.7/site-packages/requests/packages/__init__.py", line 95, in load_module
raise ImportError("No module named '%s'" % (name,))
ImportError: No module named 'requests.packages.urllib3'
>>> quit()
fgi-dcv-depl1 root#
可能是哪里出了问题?
有人可以帮忙吗?
谢谢并致以最诚挚的问候, 大卫
好的,python-urllib3 似乎有些奇怪。 YUM 告诉我,它没有安装
fgi-dcv-depl1 root# yum install python-urllib3
Loaded plugins: aliases, changelog, fastestmirror, tmprepo, verify, versionlock
Loading mirror speeds from cached hostfile
Resolving Dependencies
--> Running transaction check
---> Package python-urllib3.noarch 0:1.10.2-5.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
=======================================================================================================================================================================================================================================================================================================================================
Package Arch Version Repository Size
=======================================================================================================================================================================================================================================================================================================================================
Installing:
python-urllib3 noarch 1.10.2-5.el7 base.xcmonthly 102 k
Transaction Summary
=======================================================================================================================================================================================================================================================================================================================================
Install 1 Package
Total download size: 102 k
Installed size: 378 k
Is this ok [y/d/N]:
所以我想安装这个包:
Is this ok [y/d/N]: y
Downloading packages:
python-urllib3-1.10.2-5.el7.noarch.rpm | 102 kB 00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : python-urllib3-1.10.2-5.el7.noarch 1/1
Error unpacking rpm package python-urllib3-1.10.2-5.el7.noarch
error: unpacking of archive failed on file /usr/lib/python2.7/site-packages/urllib3/packages/ssl_match_hostname: cpio: rename
Verifying : python-urllib3-1.10.2-5.el7.noarch 1/1
Failed:
python-urllib3.noarch 0:1.10.2-5.el7
Complete!
fgi-dcv-depl1 root#
好的,为什么会出现这个错误?我查看了 /usr/lib/python2.7/site-packages 并看到目录 urllib3 在那里。我已经将它移动到 /tmp,之后我能够安装 python-urllib3 包并且一切正常!
使用:
sudo pip uninstall urllib3
然后尝试:
sudo yum install python-urllib3