Friday, March 1, 2024

Mastering Ansible on Windows: Your Go-To Expert Guide

Even though Ansible is known for managing Linux nodes using SSH, did you know that Ansible on Windows works just as well? Using Windows Remote Management (WinRM), Ansible on Windows can effectively manage all of your Windows nodes too!


With Ansible on Windows, you can perform tasks like deploying patches, managing Windows servers, executing PowerShell scripts, and more.

In this tutorial, you're going to learn how to set up your first Windows node to be managed with Ansible and see how to run commands and playbooks against it.


If you'd like to follow along with the tutorial, please make sure you have the following before starting:

  • An Ansible controller host – This tutorial will be using Ansible v2.9.18 on an Ubuntu 18.04.5 LTS machine with an IP address of . Note that Windows is not supported as a control node, only a managed node.
  • Python installed on your Ansible controller host – This tutorial will be using Python v2, but v3 should work just as well.
  • The pip package installed on the Ansible controller.
  • A Windows 2012 R2 or greater computer for Ansible to manage – This tutorial will use two Windows Server 2012 R2 Standard machines as remote nodes with IP addresses of and
  • A Windows workstation – This tutorial will perform some basic pre-configuration on the node that Ansible will manage and will require you to be sitting at a Windows workstation.
  • The Windows server to manage has PowerShell Remoting enabled.
  • A user account in the local Administrators group on the Windows computer. This tutorial will use an account called adminuser.

Setting up the WinRM listener on Windows

Before Ansible can communicate with a remote Windows node, it must be able to make a connection to it. It does this through the Microsoft protocol WinRM. WinRM is the same protocol that PowerShell Remoting uses to run remote commands from within PowerShell.

As of this writing, Ansible does support SSH as a management protocol, but it's an experimental feature at this time.

For Ansible to use WinRM to communicate with the Windows node, you must configure WinRM. To do this, Ansible provides a PowerShell script that sets various WinRM options.

Although the PowerShell script that Red Hat provides to configure WinRM has been tested and is safe, you should read through it and understand, at a high level, what it's doing.

Your first task will be to download the configuration script and run it on the Windows node. To do that, assuming you already have PowerShell Remoting enabled on your target Windows computer and you're at a Windows workstation:

Download the ConfigureRemotingForAnsible.ps1 PowerShell script to your local Windows computer. This tutorial will assume it's saved in ~\Downloads.

Run the configuration script on the Windows node Ansible will manage using the Invoke-Command command. The command below will run the script on the tutorial's two demo machines and prompt you for the password for the local adminuser account on the Windows nodes.

Invoke-Command -ComputerName <windows-node-1>,<windows-node-2> -FilePath '~\Downloads\ConfigureRemotingForAnsible.ps1' -Credential (Get-Credential -UserName adminuser)

By default, the configuration script will configure WinRM for basic HTTP authentication. If you'd like Ansible to use a more secure connection, learn How to Configure WinRM over HTTPS for Ansible.

Configuring the Controller of Ansible on Windows

Now that the Windows node is ready for Ansible, let's configure the Ansible controller to show Ansible how to communicate with it.

1. Connect to your Ansible controller host via SSH using your favorite SSH client.

2. Install the pywinrm Python module. The pywinrm Python module is required for Ansible on Windows to communicate with hosts via the WinRM protocol.

3. Define the remote Windows nodes in an Ansible inventory file. An Ansible inventory is a collection of remote hosts defined in a file either by their hostname or IP address. Once defined, you can then target Ansible inventories with commands and playbooks, as you'll soon see.

The default Ansible inventory file is /etc/ansible/hosts.

The sample inventory file below creates a windows host group that contains each Windows node. The tutorial is using a host group here to make it easier to target all Windows nodes (if you have more than one) at once later.


4. Next, define a few required variables Ansible will use when connecting to the Windows hosts in the inventory file as a windows:vars group.

[windows:vars]
## the Windows username and password for Ansible to connect with
ansible_user=localadmin
ansible_password=s3crect
## the kind of connection Ansible will make with the remote Windows node
ansible_connection=winrm
## ignore certificate validation because we'll just be using a self-signed certificate that comes with Ansible
ansible_winrm_server_cert_validation=ignore

5. Now, use the Ansible win_ping module to execute a simple connection test to the hosts inside the windows host group defined in step #3.

# windows is the host group
# -m tells Ansible to use the win_ping module
ansible windows -m win_ping

Once executed, you can see below that Ansible returns green text with a SUCCESS message indicating the successful ping attempt.

Successful win_ping connection

The output confirms that the Ansible controller host can communicate with the Windows remote host successfully over WinRM.
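The variables in step 4 keep the password in clear text in the inventory and switch off certificate validation. As an added example (not part of the original tutorial), the same connection settings can live in a group_vars file that uses WinRM over HTTPS, validates the server certificate and reads the password from Ansible Vault. The file paths, the CA bundle path and the vault_windows_password variable name are assumptions:

```yaml
# /etc/ansible/group_vars/windows/vars.yml  (assumed path, beside the default inventory)
# Added example: connection settings for the "windows" host group.
# Remove the matching lines from [windows:vars] in the inventory once this file is in place.

ansible_user: localadmin

# The password itself is stored in group_vars/windows/vault.yml, encrypted with:
#   ansible-vault encrypt /etc/ansible/group_vars/windows/vault.yml
# vault_windows_password is a hypothetical variable name defined in that file.
ansible_password: "{{ vault_windows_password }}"

ansible_connection: winrm

# Use the HTTPS listener rather than plain HTTP.
ansible_winrm_scheme: https
ansible_port: 5986

# NTLM works for a local account and avoids Basic authentication.
ansible_winrm_transport: ntlm

# Validate the listener certificate instead of ignoring it.
# The certificate must chain to this CA bundle (or be the exported
# self-signed certificate), and its name must match the host name
# or address used in the inventory.
ansible_winrm_server_cert_validation: validate
ansible_winrm_ca_trust_path: /etc/ssl/certs/winrm-ca.pem   # assumed path
```

With the password in a vault file, the connection test from step 5 becomes `ansible windows -m win_ping --ask-vault-pass`.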

Running ad-hoc Commands on Windows Hosts

At this point, you're all set for Ansible to begin controlling your Windows nodes. Let's now test this out by running an ad-hoc command on the Windows nodes to change them. Ad-hoc commands are great when you need to run a simple command on nodes without first creating a playbook.

Let's demonstrate ad-hoc commands by installing a Windows feature on the Windows nodes defined in the windows host group in the inventory file. To do that, assuming you're still SSHed into your Ansible controller node:

1. Instead of the win_ping module this time, call the win_feature module (-m), passing it two arguments (-a) of name and state indicating the name of the Windows feature and the state you want it to be in.

# windows here is a group of hosts
# win_feature is the name of the module
# state=present means to install the package or service
ansible windows -m win_feature -a "name=Telnet-Client state=present"

When you run the above command, if all goes well, Ansible should connect to all of the nodes in the windows host group and run the win_feature command on each, checking for, and if not present, installing the Telnet-Client Windows feature.

Ansible Windows Feature

2. Ansible shows success, but to be sure, connect to the Windows nodes manually with PowerShell and verify the Telnet Client Windows feature is now installed. On your local Windows workstation, run Invoke-Command to run the Get-WindowsFeature PowerShell command on each Windows computer.

Invoke-Command -ComputerName <windows-node-1>,<windows-node-2> -ScriptBlock { Get-WindowsFeature -Name 'Telnet-Client' } -Credential (Get-Credential -UserName adminuser)

At this point, you can run any Windows module you like as ad-hoc commands!

Creating and Running Ansible on Windows Playbooks

Once you've mastered the art of running ad-hoc commands on Windows managed nodes, your next task is to create and run playbooks. An Ansible playbook combines commands into a single place and allows you to write complex logic to perform complex automation scenarios.

Running Remote Windows Commands with the win_command Module

Assuming you're still connected to your Ansible controller host:

1. Create a folder under your home directory called ansible-windows-demo and change to it. This folder will hold your playbook.

mkdir ~/ansible-windows-demo 
cd ~/ansible-windows-demo 

2. Open your favorite text editor and create and save a file called ansible-windows.yml in the ~/ansible-windows-demo directory.

Ansible playbooks are written in YAML.

3. Now, copy the below playbook into the ansible-windows.yml file to create a single task. This playbook will execute the netstat Windows command using the win_command Windows Ansible module on all hosts inside the windows host group.

The win_command module executes commands on the remote Windows host. It doesn't allow commands which include variables or special characters such as line breaks, the greater-than symbol, etc.

---
- name: Ansible win_command module example
  hosts: windows # host group to run the module on
  tasks:
    - name: run an executable command on a remote Windows system
      win_command: netstat -e # win_command is a Windows module.

4. Invoke the ansible-windows.yml playbook, which executes the task on the remote host, by running the following command.

ansible-playbook ansible-windows.yml

If all went well, you should see output like below.

Ansible successfully executed the netstat command using win_command module

Running Remote PowerShell Commands with the win_shell Module

You created a playbook to run a remote cmd.exe command (netstat) on Windows managed nodes in the previous example. Let's now up the ante a bit and run PowerShell commands using the win_shell module.

By default, the win_shell module runs commands in PowerShell on the Windows host.

On your local Windows workstation:

1. First, open your favorite text editor on your local Windows workstation, create a sample PowerShell script, and copy the following code into it, saving it as one.ps1. This tutorial will save the script to ~\one.ps1.

The below code creates a blank text file called test2.txt in the C:\temp directory.

Set-Content -Path C:\temp\test2.txt -Value ''

2. Copy the one.ps1 PowerShell script to your Windows managed nodes using your preferred method. This tutorial will assume you've copied the one.ps1 script to the C:\Temp folder on each Windows node.

3. Once the sample PowerShell script is on the Windows node(s), connect to your Ansible controller host and open your favorite text editor again. This time, create and save another playbook called ansible-windows-shell.yml in the same ~/ansible-windows-demo directory.

4. Copy and paste the following playbook into the ansible-windows-shell.yml file. This playbook will run two tasks to demonstrate the win_shell module. It invokes the PowerShell script just copied from step #2 and inserts the PowerShell code directly into the playbook to demonstrate the script isn't needed at all.

To pass multiple lines of PowerShell code to the win_shell module, use the | pipe character.

---
- name: Ansible win_shell module example
  remote_user: localadmin # local Windows user to connect with
  hosts: windows # remote host group
  tasks:
    - name: Single line PowerShell # Running single command using win_shell module
      win_shell: C:\temp\one.ps1
    - name: Run multi-lined shell commands
      win_shell: |
        $text=" I am Author of ATA"
        Set-Content -Path C:\temp\test3.txt -Value $text

5. Now, invoke the second playbook ansible-windows-shell.yml, which executes on the remote host but with PowerShell.

ansible-playbook ansible-windows-shell.yml

6. If necessary, on your local Windows workstation, verify the playbook executed the existing script and the PowerShell code in the playbook.

Invoke-Command -ComputerName <windows-node-1>,<windows-node-2> -ScriptBlock { Test-Path -Path 'C:\Temp\test3.txt','C:\Temp\test2.txt' } -Credential (Get-Credential -UserName adminuser)

If the Ansible playbook ran successfully, PowerShell should return two True statements indicating that the files now exist.
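When the text or path handed to win_shell comes from a variable, templating it straight into the PowerShell body makes the value part of the script. The following added example (not from the original tutorial) is a variant of the second task that passes the values as environment variables and then checks the file with win_stat from the controller; the playbook file name and the target_path and file_text variables are assumptions:

```yaml
# ansible-windows-shell-vars.yml  (hypothetical file name; added example)
---
- name: win_shell with variable input kept out of the script text
  hosts: windows
  gather_facts: false
  vars:
    # Constructed sample values; in practice these could come from
    # a vars file or from -e on the command line.
    target_path: C:\temp\test3.txt
    file_text: "I am Author of ATA"
  tasks:
    - name: Write the file, reading both values from environment variables
      # The script text is fixed; PowerShell only ever sees the values
      # as data in $env:, never as part of the command line.
      win_shell: |
        Set-Content -Path $env:TARGET_PATH -Value $env:FILE_TEXT
      environment:
        TARGET_PATH: "{{ target_path }}"
        FILE_TEXT: "{{ file_text }}"

    - name: Look up the file from Ansible instead of a manual Invoke-Command
      win_stat:
        path: "{{ target_path }}"
      register: written

    - name: Fail the play if the file was not created
      assert:
        that:
          - written.stat.exists
        fail_msg: "{{ target_path }} was not created on {{ inventory_hostname }}"
```

Run it the same way as the other playbooks, with `ansible-playbook ansible-windows-shell-vars.yml`.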


In this tutorial, you've learned how to set up your first Windows managed node in Ansible. Even though Ansible has traditionally been known as a Linux tool, it can easily be used for Windows also!

What playbooks and Windows modules will you start using to manage Windows with Ansible?


