ansible manager windows server

本文最后更新于:2024年8月9日 晚上

windows被控端配置:

  • 确保被控机器powershell version 大于等于4.0

    1
    2
    PS C:\Users\Administrator> Get-Host | findstr.exe Version
    Version          : 5.1.17763.2090

    Powershell Version 如果低于4.0

  • 配置winrm

    1
    2
    3
    4
    5
    PS C:\Users\Administrator> winrm quickconfig  #配置winrm service并启动服务
    PS C:\Users\Administrator> winrm enumerate winrm/config/listener  #查看winrm service启动监听状态
    PS C:\Users\Administrator> winrm set winrm/config/service/auth '@{Basic="true"}' #启用远程连接认证 
    PS C:\Users\Administrator> winrm set winrm/config/service '@{AllowUnencrypted="true"}' #启用远程连接认证
    PS C:\Users\Administrator> winrm enumerate winrm/config/listener #检查winrm服务正确是否启动

  • 修改相关授权策略

    1
    2
    PS C:\Users\Administrator> get-executionpolicy #查看powershell执行策略
    PS C:\Users\Administrator> set-executionpolicy remotesigned #更改powershell执行策略为remotesigned

  • 添加防火墙入站规则,放通5985/tcp端口

Linux ansible控制端:

  • 安装ansible以及python模块pywinrm

    1
    2
    3
    4
    5
    6
    7
    8
    9
    # ansible install with yum or pip or source code
    [root@raspberry ~]# yum install ansible -y
    [root@raspberry ~]# ansible --version
    ansible 2.9.23
      config file = /etc/ansible/ansible.cfg
      configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
      ansible python module location = /usr/lib/python2.7/site-packages/ansible
      executable location = /usr/bin/ansible
      python version = 2.7.5 (default, Oct 14 2020, 14:44:55) [GCC 4.8.5 20150623 (Red Hat 4.8.5-44)]

  • 添加Inventory

    传统方式添加

    1
    2
    3
    [root@raspberry ~]# vim /etc/ansible/hosts
    [win]
    192.168.0.100 ansible_ssh_user="WIN_USER" ansible_ssh_pass="WIN_PASSWORD" ansible_ssh_port=5985 ansible_connection="winrm" ansible_winrm_server_cert_validation=ignore

    也可以采用yaml格式定义inventory(保持缩进一致):

    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    [root@raspberry ~]# vim /etc/ansible/hosts_yml
    all:
      children:
        win: #主机组1
          hosts:
            192.168.0.100: #主机
          vars:  #此变量只在windows主机组里生效
            ansible_user: WIN_USER
            ansible_password: WIN_PASSWORD
            ansible_port: 5985
            ansible_connection: winrm
            ansible_winrm_server_cert_validation: ignore

  • 更多ansible配置:

    1
    [root@raspberry ~]# vim /etc/ansible/ansible.cfg
测试

  • 测试连通性

    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    [root@raspberry ~]# ansible win -m win_ping
    192.168.0.100 | SUCCESS => {
        "changed": false,
        "ping": "pong"
    }
    [root@raspberry ~]# ansible -i /etc/ansible/hosts_yml win -m win_ping
    192.168.0.100 | SUCCESS => {
        "changed": false,
        "ping": "pong"
    }
linux
#ansible
ansible manager windows server
https://git.msft.vip/2024/03/30-ansible-manager-windows-server/
作者
Jas0n0ss
发布于
2024年3月30日
更新于
2024年8月9日
许可协议