Setting up Windows Host using Ansible
1. Install ansible
#Add the PPA to the system, and the middle need case Enter to accept the PPA increase
sudo apt-add-repository ppa:ansible/ansible
#Update and install
sudo apt-get update
sudo apt-get install -y ansible
2. Install pywinrm
sudo apt-get install -y python-pip
pip install pywinrm
3. Configure ansible
Ansible knows all the servers through the hosts file. We need to set up this file before we can start connecting with our other machines
host file path
/etc/ansible/hostsChange the command
sudo vi /etc/ansible/hostsChange content
[random group name]
random name ansible_ssh_host=the ip of the machine to be connectedex:
[windows]
test ansible_ssh_host=127.0.0.1Or (in this case, you need to use IP to control the command separately)
[windows]
127.0.0.1
4. Add a group folder, the windows connection will need to enter the remote account password, so we create group_vars under ansible and enter the remote settings
PS. The file name must be the same as the group to read the contents of the YMAL file
sudo mkdir /etc/ansible/group_varssudo vi /etc/ansible/group_vars/windows.ymlansible_user: remote account
ansible_password: remote password
ansible_port: 5986
ansible_connection: winrm
ansible_winrm_server_cert_validation: ignore
5. Make a powershell script, this article uses windows server 2016 Datacenter
Right-click on the desktop → Add → File Folder
The upper right arrow of any folder → click on page view → check the file extension, so you can see the file extension
Name ConfigureRemotingForAnsible.ps1 and paste the content of the URL, the content of the file: https://tinyurl.com/y65bradw
Change the file name after pasting the content.ps1
6. Open the powershell setting on windows. This article is using windows server 2016 Datacenter. You can skip to step 7 without the following steps
Open powershell, search at the bottom left → type powershell → right click to run as a system administrator
# Install .NET Framework 4.5
Change the powershell policy to remotesigned and enter y to confirmSet-ExecutionPolicy remotesignedCheck strategyGet-ExecutionPolicy
View version (must be 3.0 or above)
$PSVersionTable.PSVersion
Open Winrm service
winrm enumerate winrm/config/listener
If there is no response, it means that the service is not started, and it is not started by default
7. Basic configuration of winrm service
winrm quickconfig
If the setting has been activated, it will need to be modified with commands
winrm service configuration auth
winrm set winrm/config/service/auth'@{Basic="true"}'
Winrm service configures the encryption mode to allow non-encryptionwinrm set winrm/config/service’@{AllowUnencrypted=”true”}’
Place the ConfigureRemotingForAnsible.ps1 path to execute the configuration winrm and https certificate message
powershell.exe -File ConfigureRemotingForAnsible.ps1
Check config content
winrm get winrm/config
8. The test, as shown in the figure below, is successful. Then you can issue other commands to control the machine
ansible all -m win_pingansible test -m win_ping (specify a single host)ansible 127.0.0.1 -m win_ping (specify a single host)ansible windows -m win_ping (specify group)
9. Operate the machine by command
ansible name -m win_command -a “command”
ex: ansible windows -m win_command -a “shutdown -r -t 10” (remote operation restart command)
ansible 127.0.0.1 -m win_ping (specify a single host)
ansible windows -m win_ping (specify group)
