Configure ansible inventory to manage Windows

by mn.sobieh
manage Windows using ansible

As an adventurer, It is time to see how to manages windows using ansible, hence this article is part of a series focus on how to configure ansible for windows automation.

I use Ansible documentation as my reference.

Related Topics

  • Install Ansible in four steps.
  • Configure Windows to accept Ansible commands.
  • Ansible cheat sheet for automating Windows.
  • Ansible cheat sheet for automating Linux.

Now we will adventure into Ansible territory. So, be careful when editing configuration files, unless you want to affect something else.

Configure Ansible to connect to Windows servers

Firstly, we will enable Linux network authentication protocol, to allow remote authentication. then, add sever. Finally, we will test our configuration.

You should know that the following instruction will not succeed unless you already configured your Windows to permit remote commands to execute.

Step one: Install few packages

Log into your ansible server. then, install packages for Kerberos, Python package manager.

In this article, I explain using Ubuntu. therefore, If you have ansible on CentOS or Other RPM-based OS check the other article Configure Ansible for Windows Authentication.

At first, Install the following packages

apt-get install -y gcc python3-pip python3-dev libkrb5-dev krb5-user 

Secondly, update Python package manager.

pip install --upgrade pip

Finally, install python packages essential for Ansible.

pip install pywinrm Kerberos

Step two: add your server to ansible Inventory

Ansible inventory file is /etc/ansible/hosts, however, you can have multiple inventory files, So, in our adventure, we will create an inventory file to manage windows using ansible.

Ansible Inventory file has the following properties:

  • It will have a group, So, it makes it easier to manage a group of servers that have the same role.
  • a variables group, then we will add four variables.
  • You can add a server by IP, or DNS-name under the group name.

the variables will set how ansible connects to windows server, for example, It will define the credentials and how to validate the SSL certificate used.

In the following example, it shows a simple inventory file for a group of windows 2008 servers. Also, it tells ansible that group is not Linux, locally managed, provides username and password.

[winsrv]
s06
[winsrv:vars]
ansible_connection=winrm
ansible_winrm_server_cert_validation=ignore
ansible_user=Administrator
[email protected]
Sample of inventory file

I usually use servers name instead of IP. I usually add a comment with name and functionality, If I used the IP.

Step three : Test Ansible configuration

I prefer to use multiple inline commands to verify our work, For instance , i use win_ping and win_shell modules.

ansible winsrv -m win_ping 

the output should be like this

win_ping module

Other modules, for example both win_command or win_shell allow executing window commands. like command whoami to identify who is executing the command

$ ansible winsrv -m win_shell -a "whoami"
$ ansible winsrv -m win_command -a "whoami"

If results like that

result of whoami command

In conclusion, it is easy to configure your server to be managed by Ansible. That is to say, If your servers are domain authenticated, It will be easier. Just flow instructions shown in Kerberos setting for ansible article.

Related Posts