As an adventurer, It is time to see how to manages windows using ansible, hence this article is part of a series focus on how to configure ansible for windows automation.
I use Ansible documentation as my reference.
- Install Ansible in four steps.
- Configure Windows to accept Ansible commands.
- Ansible cheat sheet for automating Windows.
- Ansible cheat sheet for automating Linux.
Now we will adventure into Ansible territory. So, be careful when editing configuration files, unless you want to affect something else.
Configure Ansible to connect to Windows servers
Firstly, we will enable Linux network authentication protocol, to allow remote authentication. then, add sever. Finally, we will test our configuration.
You should know that the following instruction will not succeed unless you already configured your Windows to permit remote commands to execute.
Step one: Install few packages
Log into your ansible server. then, install packages for Kerberos, Python package manager.
In this article, I explain using Ubuntu. therefore, If you have ansible on CentOS or Other RPM-based OS check the other article Configure Ansible for Windows Authentication.
At first, Install the following packages
apt-get install -y gcc python3-pip python3-dev libkrb5-dev krb5-user
Secondly, update Python package manager.
pip install --upgrade pip
Finally, install python packages essential for Ansible.
pip install pywinrm Kerberos
Step two: add your server to ansible Inventory
Ansible inventory file is /etc/ansible/hosts, however, you can have multiple inventory files, So, in our adventure, we will create an inventory file to manage windows using ansible.
Ansible Inventory file has the following properties:
- It will have a group, So, it makes it easier to manage a group of servers that have the same role.
- a variables group, then we will add four variables.
- You can add a server by IP, or DNS-name under the group name.
the variables will set how ansible connects to windows server, for example, It will define the credentials and how to validate the SSL certificate used.
In the following example, it shows a simple inventory file for a group of windows 2008 servers. Also, it tells ansible that group is not Linux, locally managed, provides username and password.
[winsrv] s06 [winsrv:vars]
I usually use servers name instead of IP. I usually add a comment with name and functionality, If I used the IP.
Step three : Test Ansible configuration
I prefer to use multiple inline commands to verify our work, For instance , i use win_ping and win_shell modules.
ansible winsrv -m win_ping
the output should be like this
Other modules, for example both win_command or win_shell allow executing window commands. like command whoami to identify who is executing the command
$ ansible winsrv -m win_shell -a "whoami"
$ ansible winsrv -m win_command -a "whoami"
If results like that
In conclusion, it is easy to configure your server to be managed by Ansible. That is to say, If your servers are domain authenticated, It will be easier. Just flow instructions shown in Kerberos setting for ansible article.