Skip to main content

Ansible for Microsoft's Windows


Hello

 Thanks for visiting RvKmR's blogs


Today we are discussing managing Microsoft Windows machines with Ansible. We know that managing Linux machines with Ansible is quite common nowadays. but managing windows machines with Ansible is quite new. SSH service is used to manage Linux machine and for windows WinRM. Please check more details about WinRM here.

 Lets checkout steps to configure WINRM for ansible. Below are requirements for WINRM configuration on target windows machine.
  • Admin Credentials of target windows machine.
  • Stop firewall on target windows machine.
  • Powershell version 3.0 and .net framework 4.0

Let's start configuring Windows machine:
  • I am considering you have administrator account credentials with you.
  • Open Firewall in windows machines and turn of it or allow port 5985 and 5986.
  • Update Powershell and .Net Framework with below commands on PowerShell.
$url ="https://raw.githubusercontent.com/jborean93/ansible-windows/master/scripts/Upgrade-PowerShell.ps1"
$file = "$env:temp\Upgrade-PowerShell.ps1"
$username = "Administrator"
$password = "Password"

(New-Object -TypeName System.Net.WebClient).DownloadFile($url, $file)
Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Force

# Version can be 3.0, 4.0 or 5.1
&$file -Version 5.1 -Username $username -Password $password -Verbose

# This isn't needed but is a good security practice to complete
Set-ExecutionPolicy -ExecutionPolicy Restricted -Force

$reg_winlogon_path = "HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon"
Set-ItemProperty -Path $reg_winlogon_path -Name AutoAdminLogon -Value 0
Remove-ItemProperty -Path $reg_winlogon_path -Name DefaultUserName -ErrorAction SilentlyContinue
Remove-ItemProperty -Path $reg_winlogon_path -Name DefaultPassword -ErrorAction SilentlyContinue

  • To do WinRM hotfix run below commands on PowerShell.

$url = "https://raw.githubusercontent.com/jborean93/ansible-windows/master/scripts/Install-WMF3Hotfix.ps1"























$file = "$env:temp\Install-WMF3Hotfix.ps1"
































(New-Object -TypeName System.Net.WebClient).DownloadFile($url, $file)















powershell.exe -ExecutionPolicy ByPass -File $file -Verbose
  • To Configure WinRM run below commands on PowerShell.

$url = "https://raw.githubusercontent.com/ansible/ansible/devel/examples/scripts/ConfigureRemotingForAnsible.ps1"























$file = "$env:temp\ConfigureRemotingForAnsible.ps1"
































(New-Object -TypeName System.Net.WebClient).DownloadFile($url, $file)































powershell.exe -ExecutionPolicy ByPass -File $file
  • To check WinRM Configuration run below command on PowerShell.
winrm enumerate winrm/config/Listener
If you got below output of above command, then you have configured WinRM successfully.

Now let's configure the ansible machine:
  • First, you need to install supported python library for ansible to connect WinRM.
sudo pip install pywinrm
  • Now you need to add below variables in ansible inventory for Windows machine.
[all]


192.168.0.101

[all:vars]
ansible_connection=winrm
ansible_winrm_server_cert_validation=ignore
ansible_user='XXXXXXXXXX'
ansible_password='xxxxxxxxx'
ansibl_port=5986
ansible_winrm_transport=ntlm

  • Now test connectivity to Windows machine with below ansible command.
ravikumar@ravikumar-RV409-RV509-RV709:~/workspace$ ansible 192.168.0.101 -m win_ping -i inv 

192.168.0.101 | SUCCESS => {

    "changed": false, 
    "ping": "pong"
}


Now you are done with configuration. You can now use windows specific modules for more task on windows machines.

Labels:
Location: Pune, Maharashtra, India

Comments

Post a Comment

Popular posts from this blog

Wheel Users in Linux

Hello, Thanks for visiting RvKmR.blogspot.in In this blog post, I am explaining about Wheel users in Linux. Red Hat release that I am working on is as below.  [ravi@localhost vagrant]$ cat /etc/redhat-release CentOS release 6.9 (Final) An Linux system can have many users like System users, normal users, and admin (root) user. Its common sens that we have is not to share root user credentials with other user, but here is case that we wish to run administrative command by normal user. In that case we need to aware about wheel users group. Let's first understand what is wheel user in Linux and why we needed it. Wheel is one of Linux user group that allow members of that group to run administrative commands those need root access of system, Wheel user facilitate to do that with sudo (superuser do ) privileges. Lets do it on terminal : Add an user and set password [root@localhost vagrant]# useradd ravi [root@localhost vagrant]# passwd rav...
Post a Comment
Read more

Reset Multiple Linux server Password

Hello, Thanks for visiting RvKmR.blogspot.in . In this blog, I am going to explain about my script “Reset multiple Linux server password” written in bash. To understand this script you must be familiar with Bash scripting and Linux environment. Q   :  I have 100 's Linux server, I need to reset these Linux server password on weekly.  I know procedure to reset password of single server i.e. Login in to target server and reset password with utility “passwd”.  But here is issue : What if I have 100 's of server ?  it is not efficient way to login to each server and the reset password. Ans :     Written an bash script to automate this task. Details are mentioned below. There are some prerequisites needed before running this script. We need know targeted Linux server IP address and current password of server. Create a file “server_details”  at same location where is your main script located and write IP address and password like : "<I...
Post a Comment
Read more

IT Infrastructure Monitoring

Hello, Thanks for visiting RvKmR.blogspot.in IT Infrastructure monitoring its not just words, it means a lot in the information technology world. I expect an IT professional knows what it means. In a simple word, I can say Compute, Application, and network, etc. OK, let's start why we need IT infrastructure monitoring. Monitoring IT infrastructure allows us to take preemptive action to be undertaken towards a potential problem before they affect your business. OR at least reduce time to restore your infrastructure as soon as an incident occurs. Further monitoring of IT infrastructure is divided into two categories Agent-based and agentless. An agent is a software or script installed on machines that to be monitored so that it will send information to monitoring systems. Having an agent inside the machine uses system resources, which in turn raises maintenance cost. Whereas the agentless tool is little or no impact on monitored machines as an agent is not installed on ...
1 comment
Read more