Skip to main content

Ansible for Microsoft's Windows


Hello

 Thanks for visiting RvKmR's blogs


Today we are discussing managing Microsoft Windows machines with Ansible. We know that managing Linux machines with Ansible is quite common nowadays. but managing windows machines with Ansible is quite new. SSH service is used to manage Linux machine and for windows WinRM. Please check more details about WinRM here.

 Lets checkout steps to configure WINRM for ansible. Below are requirements for WINRM configuration on target windows machine.
  • Admin Credentials of target windows machine.
  • Stop firewall on target windows machine.
  • Powershell version 3.0 and .net framework 4.0

Let's start configuring Windows machine:
  • I am considering you have administrator account credentials with you.
  • Open Firewall in windows machines and turn of it or allow port 5985 and 5986.
  • Update Powershell and .Net Framework with below commands on PowerShell.
$url ="https://raw.githubusercontent.com/jborean93/ansible-windows/master/scripts/Upgrade-PowerShell.ps1"
$file = "$env:temp\Upgrade-PowerShell.ps1"
$username = "Administrator"
$password = "Password"

(New-Object -TypeName System.Net.WebClient).DownloadFile($url, $file)
Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Force

# Version can be 3.0, 4.0 or 5.1
&$file -Version 5.1 -Username $username -Password $password -Verbose

# This isn't needed but is a good security practice to complete
Set-ExecutionPolicy -ExecutionPolicy Restricted -Force

$reg_winlogon_path = "HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon"
Set-ItemProperty -Path $reg_winlogon_path -Name AutoAdminLogon -Value 0
Remove-ItemProperty -Path $reg_winlogon_path -Name DefaultUserName -ErrorAction SilentlyContinue
Remove-ItemProperty -Path $reg_winlogon_path -Name DefaultPassword -ErrorAction SilentlyContinue

  • To do WinRM hotfix run below commands on PowerShell.

$url = "https://raw.githubusercontent.com/jborean93/ansible-windows/master/scripts/Install-WMF3Hotfix.ps1"























$file = "$env:temp\Install-WMF3Hotfix.ps1"
































(New-Object -TypeName System.Net.WebClient).DownloadFile($url, $file)















powershell.exe -ExecutionPolicy ByPass -File $file -Verbose
  • To Configure WinRM run below commands on PowerShell.

$url = "https://raw.githubusercontent.com/ansible/ansible/devel/examples/scripts/ConfigureRemotingForAnsible.ps1"























$file = "$env:temp\ConfigureRemotingForAnsible.ps1"
































(New-Object -TypeName System.Net.WebClient).DownloadFile($url, $file)































powershell.exe -ExecutionPolicy ByPass -File $file
  • To check WinRM Configuration run below command on PowerShell.
winrm enumerate winrm/config/Listener
If you got below output of above command, then you have configured WinRM successfully.

Now let's configure the ansible machine:
  • First, you need to install supported python library for ansible to connect WinRM.
sudo pip install pywinrm
  • Now you need to add below variables in ansible inventory for Windows machine.
[all]


192.168.0.101

[all:vars]
ansible_connection=winrm
ansible_winrm_server_cert_validation=ignore
ansible_user='XXXXXXXXXX'
ansible_password='xxxxxxxxx'
ansibl_port=5986
ansible_winrm_transport=ntlm

  • Now test connectivity to Windows machine with below ansible command.
ravikumar@ravikumar-RV409-RV509-RV709:~/workspace$ ansible 192.168.0.101 -m win_ping -i inv 

192.168.0.101 | SUCCESS => {

    "changed": false, 
    "ping": "pong"
}


Now you are done with configuration. You can now use windows specific modules for more task on windows machines.

Labels:
Location: Pune, Maharashtra, India

Comments

Post a Comment

Popular posts from this blog

Wheel Users in Linux

Hello, Thanks for visiting RvKmR.blogspot.in In this blog post, I am explaining about Wheel users in Linux. Red Hat release that I am working on is as below.  [ravi@localhost vagrant]$ cat /etc/redhat-release CentOS release 6.9 (Final) An Linux system can have many users like System users, normal users, and admin (root) user. Its common sens that we have is not to share root user credentials with other user, but here is case that we wish to run administrative command by normal user. In that case we need to aware about wheel users group. Let's first understand what is wheel user in Linux and why we needed it. Wheel is one of Linux user group that allow members of that group to run administrative commands those need root access of system, Wheel user facilitate to do that with sudo (superuser do ) privileges. Lets do it on terminal : Add an user and set password [root@localhost vagrant]# useradd ravi [root@localhost vagrant]# passwd rav
Post a Comment
Read more

IT Infrastructure Monitoring

Hello, Thanks for visiting RvKmR.blogspot.in IT Infrastructure monitoring its not just words, it means a lot in the information technology world. I expect an IT professional knows what it means. In a simple word, I can say Compute, Application, and network, etc. OK, let's start why we need IT infrastructure monitoring. Monitoring IT infrastructure allows us to take preemptive action to be undertaken towards a potential problem before they affect your business. OR at least reduce time to restore your infrastructure as soon as an incident occurs. Further monitoring of IT infrastructure is divided into two categories Agent-based and agentless. An agent is a software or script installed on machines that to be monitored so that it will send information to monitoring systems. Having an agent inside the machine uses system resources, which in turn raises maintenance cost. Whereas the agentless tool is little or no impact on monitored machines as an agent is not installed on
1 comment
Read more

Installing Jenkins in ubuntu

Hello, Thanks for visiting RvKmR.blogspot.in In this blog post, I am explaining about installing Jenkins in the ubunut system. Ubuntu release that I am working on is as below DISTRIB_ID=Ubuntu DISTRIB_RELEASE=17.04 DISTRIB_CODENAME=zesty DISTRIB_DESCRIPTION="Ubuntu 17.04" I will explain working on Jenkins in another post, for now, we will discuss how to install Jenkins in Ubuntu system. To run Jenkins successfully we need a web server. I am familiar with nginx, so I am going with it. Jenkins by default works on 8080 port. Install Jenkins with below command  sudo apt-get install nginx Jenkins is written in Java, so we need Java to be installed on our system. Adding repo to install jdk sudo add-apt-repository ppa : openjdk -r/ ppa sudo apt-get update Install jdk now. sudo apt-get install openjdk -8- jdk Add Jenkins key and update source list to install Jenkins. wget https://jenkins-ci.org/debian/jenkins-ci.org.key sudo apt-key add jenki
2 comments
Read more