Description
Summary
When I try and use the 'win_update' module to install MS updates on Windows Servers I receive a kerberos.GSSError message.
When I 'search' or 'download' updates with the win_update module it behaves as expected. This behaviour seems to be limited to installing updates. The behaviour is present across multiple updates and multiple devices.
It should be noted that after running the win_update install against a server, running 'Get-Hotfix' on the server itself shows the expected updates are actually installed. Control panel on the server shows that the updates are 'pending install', yet rebooting the server does nothing to change the status.
TLDR: Win_update seems to actually be installing the updates, but still poses the error.
Issue Type
Bug Report
Component Name
win_updates
Ansible Version
ansible [core 2.15.1rc1]
config file = None
configured module search path = ['/runner/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/local/lib/python3.9/site-packages/ansible
ansible collection location = /runner/.ansible/collections:/usr/share/ansible/collections
executable location = /usr/local/bin/ansible
python version = 3.9.16 (main, Mar 7 2023, 00:00:00) [GCC 11.3.1 20221121 (Red Hat 11.3.1-4)] (/usr/bin/python3)
jinja version = 3.1.2
libyaml = True
Configuration
ANSIBLE_FORCE_COLOR(env: ANSIBLE_FORCE_COLOR) = True
CONFIG_FILE() = None
DEFAULT_CALLBACK_PLUGIN_PATH(env: ANSIBLE_CALLBACK_PLUGINS) = ['/usr/local/lib/python3.9/site-packages/ansible_runner/display_callback/callback']
DEFAULT_LOAD_CALLBACK_PLUGINS(env: ANSIBLE_LOAD_CALLBACK_PLUGINS) = True
DEFAULT_STDOUT_CALLBACK(env: ANSIBLE_STDOUT_CALLBACK) = awx_display
HOST_KEY_CHECKING(env: ANSIBLE_HOST_KEY_CHECKING) = False
INVENTORY_UNPARSED_IS_FAILED(env: ANSIBLE_INVENTORY_UNPARSED_FAILED) = True
RETRY_FILES_ENABLED(env: ANSIBLE_RETRY_FILES_ENABLED) = False
CONNECTION:
==========
paramiko_ssh:
____________
host_key_checking(env: ANSIBLE_HOST_KEY_CHECKING) = False
record_host_keys(env: ANSIBLE_PARAMIKO_RECORD_HOST_KEYS) = False…
OS / Environment
RHEL 8 (EC2 Instance)
Steps to Reproduce
- name: Install available updates
  ansible.windows.win_updates:
    category_names: "{{ win_update_category_names }}"
    reject_list: "{{ win_update_blacklist | default(omit) }}"
    accept_list: "{{ win_update_whitelist | default(omit) }}"
    reboot: true
    reboot_timeout: 2400
    state: installed
  register: installed_updates
  when: available_updates.found_update_count|int >= 1
Expected Results
I expected the playbook to install the available updates on the Windows Server successfully and report as such.
Actual Results
{
"msg": "Unexpected failure during module execution: (('No context has been established', 524288), ('Attempt to use incomplete security context', 39756039))",
"exception": "Traceback (most recent call last):\n File \"/usr/local/lib/python3.9/site-packages/ansible/executor/task_executor.py\", line 165, in run\n res = self._execute()\n File \"/usr/local/lib/python3.9/site-packages/ansible/executor/task_executor.py\", line 673, in _execute\n self._handler.cleanup()\n File \"/usr/local/lib/python3.9/site-packages/ansible/plugins/action/__init__.py\", line 195, in cleanup\n self._remove_tmp_path(self._connection._shell.tmpdir)\n File \"/usr/local/lib/python3.9/site-packages/ansible/plugins/action/__init__.py\", line 533, in _remove_tmp_path\n tmp_rm_res = self._low_level_execute_command(cmd, sudoable=False)\n File \"/usr/local/lib/python3.9/site-packages/ansible/plugins/action/__init__.py\", line 1344, in _low_level_execute_command\n rc, stdout, stderr = self._connection.exec_command(cmd, in_data=in_data, sudoable=sudoable)\n File \"/usr/local/lib/python3.9/site-packages/ansible/plugins/connection/winrm.py\", line 609, in exec_command\n result = self._winrm_exec(cmd_parts[0], cmd_parts[1:], from_exec=True, stdin_iterator=stdin_iterator)\n File \"/usr/local/lib/python3.9/site-packages/ansible/plugins/connection/winrm.py\", line 519, in _winrm_exec\n command_id = self.protocol.run_command(self.shell_id, to_bytes(command), map(to_bytes, args), console_mode_stdin=(stdin_iterator is None))\n File \"/usr/local/lib/python3.9/site-packages/winrm/protocol.py\", line 359, in run_command\n res = self.send_message(xmltodict.unparse(req))\n File \"/usr/local/lib/python3.9/site-packages/winrm/protocol.py\", line 243, in send_message\n resp = self.transport.send_message(message)\n File \"/usr/local/lib/python3.9/site-packages/winrm/transport.py\", line 317, in send_message\n prepared_request = self.encryption.prepare_encrypted_request(self.session, self.endpoint, message)\n File \"/usr/local/lib/python3.9/site-packages/winrm/encryption.py\", line 80, in prepare_encrypted_request\n encrypted_message = self._encrypt_message(message, host)\n 
File \"/usr/local/lib/python3.9/site-packages/winrm/encryption.py\", line 109, in _encrypt_message\n encrypted_stream = self._build_message(message, host)\n File \"/usr/local/lib/python3.9/site-packages/winrm/encryption.py\", line 192, in _build_kerberos_message\n sealed_message, signature = self.session.auth.wrap_winrm(host, message)\n File \"/usr/local/lib/python3.9/site-packages/winrm/vendor/requests_kerberos/kerberos_.py\", line 439, in wrap_winrm\n return kerberos.authGSSWinRMEncryptMessage(self.context[host], message)\nkerberos.GSSError: (('No context has been established', 524288), ('Attempt to use incomplete security context', 39756039))\n",
"stdout": "",
"_ansible_no_log": false
}
Code of Conduct
- I agree to follow the Ansible Code of Conduct
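
Added triage example (not part of the original report and not Ansible project code): the traceback under Actual Results fails in the action plugin's `_remove_tmp_path` cleanup call, sent over a Kerberos-encrypted WinRM message, and this sketch extracts that from a task result. The helper `triage`, the constants `SAMPLE_TB` and `SAMPLE_RESULT`, and the abbreviated traceback are assumptions constructed for illustration.

```python
import json
import re

FRAME_RE = re.compile(r'File "([^"]+)", line (\d+), in (\S+)')
SP = "/usr/local/lib/python3.9/site-packages"  # path prefix from the report

# Constructed sample: the report's result, cut down to the decisive frames.
SAMPLE_TB = "\n".join([
    "Traceback (most recent call last):",
    f'  File "{SP}/ansible/executor/task_executor.py", line 673, in _execute',
    "    self._handler.cleanup()",
    f'  File "{SP}/ansible/plugins/action/__init__.py", line 533, in _remove_tmp_path',
    "    tmp_rm_res = self._low_level_execute_command(cmd, sudoable=False)",
    f'  File "{SP}/ansible/plugins/connection/winrm.py", line 609, in exec_command',
    f'  File "{SP}/winrm/encryption.py", line 192, in _build_kerberos_message',
    f'  File "{SP}/winrm/vendor/requests_kerberos/kerberos_.py", line 439, in wrap_winrm',
    "    return kerberos.authGSSWinRMEncryptMessage(self.context[host], message)",
    "kerberos.GSSError: (('No context has been established', 524288), "
    "('Attempt to use incomplete security context', 39756039))",
])
SAMPLE_RESULT = json.dumps({"exception": SAMPLE_TB, "stdout": ""})


def triage(result_json):
    """Summarise where an Ansible task traceback failed (hypothetical helper)."""
    tb = json.loads(result_json).get("exception", "")
    frames = [(p, int(n), f) for p, n, f in FRAME_RE.findall(tb)]
    funcs = [f for _, _, f in frames]
    # cleanup()/_remove_tmp_path on the stack: the failing call is the removal
    # of the remote temp directory, not the module invocation itself.
    if "cleanup" in funcs or "_remove_tmp_path" in funcs:
        phase = "cleanup"
    else:
        phase = "execution" if frames else "unknown"
    lines = [ln for ln in tb.splitlines() if ln.strip()]
    return {
        "phase": phase,
        "over_winrm": any(p.endswith("connection/winrm.py") for p, _, _ in frames),
        "message_encryption": any(p.endswith("winrm/encryption.py") for p, _, _ in frames),
        "failing_function": funcs[-1] if funcs else None,
        "error": lines[-1].split(":", 1)[0] if lines else None,
    }


if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_RESULT), indent=2))
```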