Friday, May 7, 2021

Ansible With Windows

Ansible is well known as an automation tool for *nix-based machines, but recent versions also support Windows-based systems. With a Linux system as the Ansible control machine and Windows machines as the remote hosts, we can manage those systems from Linux. In this document we will see how to manage a Windows machine from a Linux-based Ansible control machine.


Python is a mandatory requirement for Ansible to work on Linux machines, but on Windows we need to have the Windows modules installed on the Windows machine instead. There are certain requirements that the Windows machines must satisfy for Ansible to work:


  • Ansible can generally manage Windows versions under current and extended support from Microsoft. Ansible can manage desktop OSs including Windows 7, 8.1, and 10, and server OSs including Windows Server 2008, 2008 R2, 2012, 2012 R2, 2016, and 2019.

  • Ansible requires PowerShell 3.0 or newer and at least .NET 4.0 to be installed on the Windows host.

  • A WinRM listener should be created and activated on the remote Windows machines.

  • The Python package pywinrm should be installed on the Linux Ansible control machine.


Configuration on the Windows Remote Machine


Check the PowerShell version: get the PowerShell version by running this command at the PowerShell prompt,


PS C:\Windows\system32> (Get-Host).Version

Major  Minor  Build  Revision
-----  -----  -----  --------
5      1      14393  4350


Ensure WinRM ports are open

We also need to make sure that ports 5985 and 5986 are open in the firewall, both on the operating system and on the network side. Ansible reaches the Windows machine over WinRM to execute playbooks and tasks, so these ports must be open. Check whether the port is open with the command below on the PowerShell command line; it shows the process that owns local port 5985,

PS C:\Windows\system32> Get-Process -Id (Get-NetTCPConnection -LocalPort 5985).OwningProcess


Run the PowerShell script to configure remoting for Ansible

Run the PowerShell script provided by Ansible to configure remoting, as below,


PS C:\Users\Administrator> $url = "https://raw.githubusercontent.com/ansible/ansible/devel/examples/scripts/ConfigureRemotingForAnsible.ps1"

PS C:\Users\Administrator> $file = "$env:temp\ConfigureRemotingForAnsible.ps1"

PS C:\Users\Administrator> (New-Object -TypeName System.Net.WebClient).DownloadFile($url, $file)

PS C:\Users\Administrator> powershell.exe -ExecutionPolicy ByPass -File $file

Self-signed SSL certificate generated; thumbprint: DD2BFCC45E7503BC9C05BA9174326B593614C733

wxf                 : http://schemas.xmlsoap.org/ws/2004/09/transfer
a                   : http://schemas.xmlsoap.org/ws/2004/08/addressing
w                   : http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd
lang                : en-US
Address             : http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
ReferenceParameters : ReferenceParameters

Ok.


The script is available at the location here.


Configuration on the Ansible Control machine

Apart from installing and configuring Ansible, the only other thing we need on the control machine is the pywinrm Python module. To install the package, run the command,


[root@ip-172-31-30-121 ansible]# pip install pywinrm


Configure the ansible.cfg and Hosts file

Once all the necessary configuration is done, we can configure the ansible.cfg and hosts files as below,


The hosts file looks like this,

[root@ip-172-31-30-121 ansible]# cat hosts

[test]
172.31.23.13

[test:vars]
ansible_user="Administrator"
ansible_password="P@wDt3tLDAdUcV6UKx(.fw(Z7X35(@=Z"
ansible_port="5986"
ansible_connection="winrm"
ansible_winrm_transport="basic"
ansible_winrm_server_cert_validation=ignore


In the hosts file above, the IP address of the machine is listed under the label test, and [test:vars] defines variables for all machines under that label: the Ansible user, password, port, connection and transport. The last variable turns off certificate validation, because the listener uses the self-signed certificate generated by the script. When Ansible runs, it uses the variables defined in the hosts file.
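
An added example, not part of the original article: a small Python check that reads an INI inventory laid out like the one above and flags the settings that weaken the WinRM connection (a literal ansible_password, basic transport, disabled certificate validation, the plain-HTTP port 5985). The sample inventory, its address and password, the finding names and the function names are constructed for illustration.

```python
import re

# Constructed sample in the page's layout; address and password are placeholders.
SAMPLE_INVENTORY = """\
[test]
192.0.2.10
[test:vars]
ansible_user="Administrator"
ansible_password="CHANGE-ME-placeholder"
ansible_port="5986"
ansible_connection="winrm"
ansible_winrm_transport="basic"
ansible_winrm_server_cert_validation=ignore
"""

def parse_group_vars(text):
    """Return {group: {var: value}} for every [group:vars] section."""
    groups, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue
        header = re.fullmatch(r"\[([^\]:]+)(?::(\w+))?\]", line)
        if header:  # only [group:vars] sections carry variables
            current = groups.setdefault(header.group(1), {}) if header.group(2) == "vars" else None
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip().strip("\"'")
    return groups

def audit_winrm(text):
    """Return sorted (group, finding) pairs for weak WinRM connection settings."""
    findings = []
    for group, v in parse_group_vars(text).items():
        if v.get("ansible_connection") != "winrm":
            continue
        password = v.get("ansible_password", "")
        if password and not password.startswith("{{"):  # literal, not a variable reference
            findings.append((group, "plaintext-password"))
        if v.get("ansible_winrm_transport") == "basic":  # credentials only base64-encoded
            findings.append((group, "basic-auth"))
        if v.get("ansible_winrm_server_cert_validation") == "ignore":  # no server identity check
            findings.append((group, "cert-validation-disabled"))
        if v.get("ansible_port") == "5985" or v.get("ansible_winrm_scheme") == "http":
            findings.append((group, "http-listener"))  # WinRM over plain HTTP
    return sorted(findings)

if __name__ == "__main__":
    print(audit_winrm(SAMPLE_INVENTORY))
```

A clean result needs the password moved to an Ansible Vault variable referenced from the inventory, a transport other than basic (ntlm, kerberos or credssp), and ansible_winrm_server_cert_validation=validate against a certificate the control machine trusts.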


The ansible.cfg file looks like this,

[defaults]
inventory=hosts


Execute our first Ansible command to ping the Windows machine, as below,

[root@ip-172-31-30-121 ansible]# ansible test -m win_ping

172.31.23.13 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}


Write a simple playbook that creates a new user named john on the remote Windows machine

[root@ip-172-31-30-121 ansible]# cat win_play.yml

---
- hosts: test
  tasks:
    - name: Create a new User
      win_user:
        name: john
        password: MyP4ssw0rd
        state: present
        groups:
          - Users
      # Run the task only on hosts whose gathered facts report Windows
      when: ansible_os_family == 'Windows'


Run the playbook and see the output as below,

[root@ip-172-31-30-121 ansible]# ansible-playbook win_play.yml

PLAY [test] *****************************************************************

TASK [Gathering Facts] *****************************************************************
ok: [172.31.23.13]

TASK [Create a new User] *****************************************************************
changed: [172.31.23.13]

PLAY RECAP *****************************************************************
172.31.23.13               : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

 

Hope this article helps in managing Windows hosts using Ansible. More to come. Happy learning :-)
