I'm trying to authenticate to a REST API with using NTLM authentication.
First I tried uri module but that didn't have support for NTLM. So I installed win_uri because looks like its supporting ntlm https://docs.ansible.com/ansible/latest/collections/ansible/windows/win_uri_module.html#parameter-use_default_credential
However when I use win_uri. Somehow its trying to run commands on localhost using Powershell. I somehow need to seperate connecting to localhost and connecting to REST api part. But not sure how I can do this?
---
# playbooks/pki.yaml
- name: Playbook for cert automation
gather_facts: no
hosts: localhost
tasks:
- name: Get values
win_uri:
url: https://{{ api_url }}/SearchRequests
method: POST
src: body.json
body_format: json
validate_certs: no
url_username: {{ user }}
url_password: {{ password }}
return_content: true
And the result is
PLAY [Playbook for cert automation] ********************************************************************************************************************************
TASK [Get values] **********************************************************************************************************************************************
fatal: [localhost]: FAILED! => {"changed": false, "module_stderr": "/bin/sh: 1: powershell: not found\n", "module_stdout": "", "msg": "The module failed to execute correctly, you probably need to set the interpreter.\nSee stdout/stderr for the exact error", "rc": 127}
PLAY RECAP *********************************************************************************************************************************************************
localhost : ok=0 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
Related
Problem
Does anyone know how to configure bootstrap.yml to tell Spring Cloud Vault to go to the correct path for k2 v2 and not try other paths first?
Details
I can successfully connect to my Vault, running k2 v2, but Spring Cloud will always try to connect to paths in the vault that don't exist, throwing a 403 on startup.
Status 403 Forbidden [secret/application]: permission denied; nested exception is org.springframework.web.client.HttpClientErrorException$Forbidden: 403 Forbidden
The above path, secret/application, doesn't exist because k2 v2 puts data in the path. For example: secret/data/application.
This isn't a show-stopper because Spring Cloud Vault does check other paths, including the correct one that has the data item in the path, but the fact a meaningless 403 is thrown during startup is like a splinter in my mind.
Ultimately, it does try the correct k2 v2 path
2019-03-18 12:22:46.611 INFO 77685 --- [ restartedMain] b.c.PropertySourceBootstrapConfiguration : Located property source: CompositePropertySource {name='vault', propertySources=[LeaseAwareVaultPropertySource {name='secret/data/my-app'}
My configuration
spring.cloud.vault:
kv:
enabled: true
backend: secret
profile-separator: '/'
default-context: my-app
application-name: my-app
host: localhost
port: 8200
scheme: http
authentication: TOKEN
token: my-crazy-long-token-string
Thanks for your help!
Add the following lines in your bootstrap.yml, this disables the generic backend
spring.cloud.vault:
generic:
enabled: false
for more information https://cloud.spring.io/spring-cloud-vault/reference/html/#vault.config.backends.generic
In addition to the accepted answer it's important to turn off (or just remove) fail-fast option:
spring.cloud.vault:
fail-fast: false
spring.cloud.vault.generic.enabled is deprecated in spring-cloud 3.0.0, but the 403 error is still there. To disable the warning (by telling spring to use the exact context), this is what I used:
spring:
config:
import: vault://
application:
name: my-application
cloud:
vault:
host: localhost
scheme: http
authentication: TOKEN
token: my-crazy-long-token-string
kv:
default-context: my-application
Other configs were set to default (such as port = 8200, backend = secret, etc.)
Through the ansible documentation page, I see ansible supporting sending email via sendgrid. I have tried following the code example but I still failed to send and exit the following message.
[WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match 'all'
PLAY [localhost] *********************************************************************************************************************************************************************************
TASK [Gathering Facts] ***************************************************************************************************************************************************************************
ok: [localhost]
TASK [sendgrid] **********************************************************************************************************************************************************************************
fatal: [localhost]: FAILED! => {"changed": false, "msg": "parameters are mutually exclusive: api_key, username"}
to retry, use: --limit #/home/valutac/opreker/mail-test.retry
PLAY RECAP ***************************************************************************************************************************************************************************************
localhost : ok=1 changed=0 unreachable=0 failed=1
Here I also display the contents of the playbook
---
- hosts: localhost
tasks:
- sendgrid:
username: "mail"
password: "xxx"
api_key: "SG.1414rfdsvefvwev.dsadasvef34r2-3e1qdqecweqc"
from_address: "ansible#mycompany.com"
to_addresses:
- "ops#mycompany.com"
subject: "Deployment success."
body: "The most recent Ansible deployment was successful."
The error msg is clear:
parameters are mutually exclusive: api_key, username
Doc explains:
username for logging into the SendGrid account.
Since 2.2 it is only required if api_key is not supplied.
I am trying to send send an email from ansible
If I try it with gmail it works perfectly, However If I try with office 365 its not working.
Below is my Playbook.
---
- name: Mail Sendig using Ansible
hosts: localhost
tasks:
- name: Mail sending using Mail Module
mail:
host: "smtp.office365.com"
port: 587
username: "dcalert#mycompany.com"
password: "mypasswd"
to: "Jon Snow <jon.snow#mycompany.com>"
subject: "Ansible"
body: "Hello from Ansible"
secure: starttls
I am getting below error
ASK [Send email]
*******************************************************************
An exception occurred during task execution. To see the full
traceback, use -vvv. The error was: SMTPSenderRefused: (501, '5.1.7
Invalid address', 'root')
fatal: [localhost -> localhost]: FAILED! => {"changed": false,
"failed": true, "msg": "Failed to send mail to
jon.snow#mycompany.com: (501, '5.1.7 Invalid address',
'root')", "rc": 1}
You're missing fromparameter...
Take a look here: Ansible Mail Module
It says the parameter from defaults to root. Since you're not setting it, mail server says its invalid. Probably gmail doesnt handle it the same way as office365.
Give this a try...
---
- name: Mail Sendig using Ansible
hosts: localhost
tasks:
- name: Mail sending using Mail Module
mail:
host: "smtp.office365.com"
port: 587
username: "dcalert#mycompany.com"
password: "mypasswd"
from: "dcalert#mycompany.com"
to: "Jon Snow <jon.snow#mycompany.com>"
subject: "Ansible"
body: "Hello from Ansible"
secure: starttls
I'm new at consul and I try to setup a server-client environment. I have started my server with the following command and configuration:
consul.exe agent -ui -config-dir=P:\Consule\config
The config file looks the following ("P:\Consule\config\server.json")
{
"bootstrap": false,
"server": true,
"datacenter": "MyServices",
"data_dir": "P:\\Consule\\data",
"log_level": "INFO"
}
Output when I start consul from commandline with above command:
==> Starting Consul agent...
==> Consul agent running!
Version: 'v0.8.3'
Node ID: '1a244456-e725-44be-0549-33603ea7087d'
Node name: 'MYCOMPUTERNAMEA'
Datacenter: 'myservices'
Server: true (bootstrap: false)
Client Addr: 127.0.0.1 (HTTP: 8500, HTTPS: -1, DNS: 8600)
Cluster Addr: 127.0.0.1 (LAN: 8301, WAN: 8302)
Gossip encrypt: false, RPC-TLS: false, TLS-Incoming: false
Atlas: <disabled>
Now, at another computer in my domain I try to run an consul client with follwoing commandline and config-file:
consul.exe agent -config-dir C:\Consul -bind=127.0.0.1
Config file ("C:\Consul\client.json")
{
"server": false,
"datacenter": "MyServices",
"data_dir": "C:\\TEMP",
"log_level": "INFO",
"start_join": ["MYCOMPUTERNAMEA"]
}
But I always get follwing output/error message:
==> Starting Consul agent...
==> Joining cluster...
==> 1 error(s) occurred:
* Failed to join <IP_OF_MYCOMPUTERNAMEA>: dial tcp <IP_OF_MYCOMPUTERNAMEA>:8301: connectex: No connection could be made because the target machine actively refused it.
Does anyone know what I'm doing wrong?
Thanks and best regards
I suppose, the reason is that your server is available only for 127.0.0.1 ip-address, which is localhost ip and available only from the same server. This can be seen here:
Client Addr: 127.0.0.1 (HTTP: 8500, HTTPS: -1, DNS: 8600)
Cluster Addr: 127.0.0.1 (LAN: 8301, WAN: 8302)
You have to configure your server, to make it listening all network interfaces or some specific interface, which have to be available from other server.
Try to run it with the client and advertise options set to 0.0.0.0 (or some specific ip). Read about it here and here.
And you might have to delete -bind=127.0.0.1 from the client configuration, since it might be available from the server too.
I'm trying to configure mail with an Exchange server.
This is my configuration
grails {
mail {
host = "mail.xxx.xx.xx"
port = 443
username = "username"
password = "password"
props = [ "mail.smtp.auth":"true",
"mail.smtp.port":"443",
"mail.smtp.ssl.enable" :"true"
]
}
}
I'm getting the following error
Message: org.springframework.mail.MailSendException: Mail server connection failed; nested exception is javax.mail.MessagingException: Exception reading response;
nested exception is:
java.net.SocketException: Connection reset. Failed messages: javax.mail.MessagingException: Exception reading response;
I know it's an issue with the props that I have to change, since this configuration works on my mail app.
I know that the port is correct, it uses SSL.
I also tried using these props
props = ["mail.smtp.timeout" : "100000",
"mail.smtp.starttls.enable" : "true",
"mail.smtp.EnableSSL.enable" : "true",
"mail.transport.protocol" : "smtps",
"mail.smtp.socketFactory.port" : "443",
"mail.smtp.auth" : "true",
"mail.smtp.socketFactory.class" : "javax.net.ssl.SSLSocketFactory",
"mail.smtp.socketFactory.fallback": "false",
"mail.debug" : "true"]
The debug result it this :
DEBUG: JavaMail version 1.5.1
DEBUG: successfully loaded resource: /META-INF/javamail.default.providers
DEBUG: Tables of loaded providers
DEBUG: Providers Listed By Class Name: {com.sun.mail.smtp.SMTPSSLTransport=javax.mail.Provider[TRANSPORT,smtps,com.sun.mail.smtp.SMTPSSLTransport,Oracle], com.sun.mail.smtp.SMTPTransport=javax.mail.Provider[TRANSPORT,smtp,com.sun.mail.smtp.SMTPTransport,Oracle], com.sun.mail.imap.IMAPSSLStore=javax.mail.Provider[STORE,imaps,com.sun.mail.imap.IMAPSSLStore,Oracle], com.sun.mail.pop3.POP3SSLStore=javax.mail.Provider[STORE,pop3s,com.sun.mail.pop3.POP3SSLStore,Oracle], com.sun.mail.imap.IMAPStore=javax.mail.Provider[STORE,imap,com.sun.mail.imap.IMAPStore,Oracle], com.sun.mail.pop3.POP3Store=javax.mail.Provider[STORE,pop3,com.sun.mail.pop3.POP3Store,Oracle]}
DEBUG: Providers Listed By Protocol: {imaps=javax.mail.Provider[STORE,imaps,com.sun.mail.imap.IMAPSSLStore,Oracle], imap=javax.mail.Provider[STORE,imap,com.sun.mail.imap.IMAPStore,Oracle], smtps=javax.mail.Provider[TRANSPORT,smtps,com.sun.mail.smtp.SMTPSSLTransport,Oracle], pop3=javax.mail.Provider[STORE,pop3,com.sun.mail.pop3.POP3Store,Oracle], pop3s=javax.mail.Provider[STORE,pop3s,com.sun.mail.pop3.POP3SSLStore,Oracle], smtp=javax.mail.Provider[TRANSPORT,smtp,com.sun.mail.smtp.SMTPTransport,Oracle]}
DEBUG: successfully loaded resource: /META-INF/javamail.default.address.map
DEBUG: getProvider() returning javax.mail.Provider[TRANSPORT,smtps,com.sun.mail.smtp.SMTPSSLTransport,Oracle]
DEBUG SMTP: useEhlo true, useAuth false
DEBUG SMTP: trying to connect to host "xxx.xxx.xx.xx", port 443, isSSL true
It looks to me as a certificate problem. If you have access to a server not using SSL, I would test that first, otherwise you should:
Find the certificate issuer (If you don't know it, you could use openssl verify http://www.herongyang.com/Cryptography/OpenSSL-Certificate-Path-Validation-Tests.html)
Look a CA in your java keystore
Locate Either the default java keystore (How do I find out what keystore my JVM is using?) or the one you are using
List the keystore and look for a corresponding CA
If there is a CA then the problem is not likely to be this
If there is no corresponding CA, then obtain the CA certificate and import it to you keystore, restart the server, and should work again.
I had the very same issue a while back. If you are trying to access an exchange server within a network (organization), I believe the port number is the issue here. It could have been changed by the network admin.
Please contact the network administrator and explain to him that you are trying to access the Exchange Server and require the username, password and the relevant port number. Authentication could be optional if the app is run in-house, i.e.
props = ["mail.smtp.auth":"false"]
I hope this helps.