Setting up Ansible Windows Host
SETTING WINDOWS HOSTS
The Ansible Engine can do the following on Windows hosts:
• Start, stop and manage services
• Push and execute custom PowerShell scripts
• Manage Windows packages with the Chocolatey package manager
For setting up WinRM, refer to the WinRM blog.
#HOST Requirements:
In order for Ansible to communicate with a Windows host to use a Windows module, the Windows host must meet the following requirements:
• Ansible generally supports the Windows versions that are under current and extended support from Microsoft. Supported desktop operating systems include Windows 7, 8.1, and 10, and supported server operating systems include Windows Server 2008, 2008 R2, 2012, 2012 R2, and 2016.
• Ansible requires PowerShell 3.0 or newer and at least .NET 4.0 to be installed on the Windows host.
• A WinRM listener must be created and activated.
#Upgrade PowerShell and .NET Framework
Ansible requires PowerShell version 3.0 and .NET Framework 4.0 or newer to function on older operating systems such as Server 2008 and Windows 7. The base image does not meet this requirement. You can use the Upgrade-PowerShell.ps1 script to update these.
#Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Force
#PS D:\> .\Upgrade-PowerShell.ps1
When you are done, you will need to remove the automatic logon and return the execution policy to the default value of Restricted.
To do this, use the following PowerShell command:
#Set-ExecutionPolicy -ExecutionPolicy Restricted -Force
This script works by checking which programs need to be installed (for example, .NET Framework 4.5.2) and which PowerShell version is required. If a reboot is required and the username and password parameters are set, the script will automatically reboot and log on when the host comes back up. The script continues until no further action is required and the PowerShell version matches the target version. If the username and password parameters are not set, the script prompts the user to manually reboot and log on when required. The next time the user logs on, the script continues from where it left off, and the process repeats until no further action is required.
WinRM Setup
The script ConfigureRemotingForAnsible.ps1 can be used to set up the basics. This script sets up both HTTP and HTTPS listeners with a self-signed certificate and enables the basic authentication option on the service.
The WinRM services listen for requests on one or more ports. Each of these ports must have a listener created and configured.
To view the current listeners that are running on the WinRM service, run the following command:
winrm enumerate winrm/config/Listener
Install pywinrm:
pywinrm is required to use WinRM but is not installed as a dependency of Ansible Engine, so make sure to install the pywinrm library on the computer where Ansible is installed. The easiest way is to run pip install pywinrm in your terminal.
# yum -y update
# yum -y install python-pip
# pip install "pywinrm>=0.3.0"
# vi /etc/hosts
e.g. 192.168.1.xx hostname
Setup inventory file:
To connect properly to a Windows host, you need to set ansible_connection=winrm in the host variables section of the inventory file so that Ansible Engine does not try to connect to the Windows host via SSH.
In addition, the WinRM connection plugin communicates over HTTPS by default, but supports other modes such as message-encrypted HTTP. Because the ConfigureRemotingForAnsible.ps1 script we used earlier generates a self-signed certificate, which does not come from a CA that Python trusts, certificate validation is turned off with ansible_winrm_server_cert_validation=ignore.
Here is a sample hosts file that puts this in one place (note that the details for your specific environment will differ):
[win]
172.16.2.xx
172.16.2.xx
[win:vars]
ansible_user=vagrant
ansible_password=password
ansible_connection=winrm
ansible_winrm_server_cert_validation=ignore
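The sample inventory above stores the password in cleartext and skips certificate validation. The following script is an added example, not part of the original post or of Ansible itself, that audits an INI inventory for such WinRM settings; the names audit_inventory and CHECKS and the findings wording are assumptions made for illustration.

```python
# Added example: audit an INI-style Ansible inventory for weak WinRM settings.
import re

# Constructed sample, copied from the inventory shown above.
SAMPLE_INVENTORY = """\
[win]
172.16.2.xx
172.16.2.xx
[win:vars]
ansible_user=vagrant
ansible_password=password
ansible_connection=winrm
ansible_winrm_server_cert_validation=ignore
"""

# (variable, regex for a risky value, finding text)
CHECKS = [
    ("ansible_winrm_server_cert_validation", r"ignore",
     "TLS certificate is not validated; the host's identity is unverified"),
    # A Jinja2 reference ("{{ ... }}", e.g. to a vaulted variable) is not flagged.
    ("ansible_password", r"(?!\{\{).+",
     "password stored in cleartext; move it to an Ansible Vault file"),
    ("ansible_winrm_scheme", r"http",
     "plain HTTP listener selected instead of HTTPS"),
    ("ansible_winrm_transport", r"basic",
     "Basic authentication sends the reusable password with every request"),
]

def audit_inventory(text):
    """Return a list of (section, variable, finding) tuples."""
    findings, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1)
            continue
        # Host lines may also carry inline variables: "host key=value key=value"
        for key, value in re.findall(r"(\w+)\s*=\s*(\S+)", line):
            for var, risky, message in CHECKS:
                if key == var and re.fullmatch(risky, value.strip("'\"")):
                    findings.append((section, key, message))
    return findings

if __name__ == "__main__":
    for section, key, message in audit_inventory(SAMPLE_INVENTORY):
        print(f"[{section}] {key}: {message}")
```

An inventory that sets ansible_winrm_server_cert_validation=validate, uses HTTPS with a non-basic transport, and references a vaulted password produces no findings.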
Test Connection:
Go to your control node’s terminal and type
# ansible [host_group_name_in_inventory_file] -i hosts -m win_ping