Virtual Geek

Tales from real IT system administrators world and non-production environment

Using Ansible to Manage Windows Servers initial setup – Step by Step

In this article I configure and connect an Ansible server and a Windows host for Microsoft Windows configuration management. First, prepare the Ansible host by installing the ansible.windows collection with the ansible-galaxy command. Next, install the pywinrm and python3-winrm Python packages with the pip3 command.

Checking nslookup in the next task is not strictly necessary, but I do it as a best practice when I plan to use a hostname instead of an IP address in the Ansible inventory.

ubuntu@ansible:~$ ansible-galaxy collection install ansible.windows
Starting galaxy collection install process
Process install dependency map
Starting collection install process
Downloading https://galaxy.ansible.com/download/ansible-windows-1.12.0.tar.gz to /home/ubuntu/.ansible/tmp/ansible-local-3285938llsg6p6c/tmpodaxumnt/ansible-windows-1.12.0-4ya51jus
Installing 'ansible.windows:1.12.0' to '/home/ubuntu/.ansible/collections/ansible_collections/ansible/windows'
ansible.windows:1.12.0 was installed successfully
ubuntu@ansible:~$ 

################

ubuntu@ansible:~/Documents/Windows$ pip3 install pywinrm #python3-winrm 
/usr/lib/python3/dist-packages/secretstorage/dhcrypto.py:15: CryptographyDeprecationWarning: int_from_bytes is deprecated, use int.from_bytes instead
  from cryptography.utils import int_from_bytes
/usr/lib/python3/dist-packages/secretstorage/util.py:19: CryptographyDeprecationWarning: int_from_bytes is deprecated, use int.from_bytes instead
  from cryptography.utils import int_from_bytes
Defaulting to user installation because normal site-packages is not writeable
Requirement already satisfied: pywinrm in /usr/lib/python3/dist-packages (0.3.0)
ubuntu@ansible:~/Documents/Windows$ 

################

ubuntu@ansible:~/Documents/Windows$ nslookup 192.168.34.44
44.34.168.192.in-addr.arpa      name = testmachine2.vcloud-lab.com.

Below are my two Ansible files, which contain the YAML code and data needed to connect to the Microsoft Windows server host from the Ansible server. I am using local user authentication in this inventory configuration. AD authentication will not work at the moment; to get it working I will have to set up the Ansible server accordingly, and I will write an article about that in the future.

You can download these files here; they are also available on github.com/janviudapi.

# main.yaml - Ansible yaml code to ping Windows host
---
- name: Windows connection testing from Ansible
  hosts: win
  gather_facts: false

  tasks:
  - name: Ansible ping testing to Windows
    ansible.windows.win_ping:

# inventory - Ansible Inventory file - Windows IP Information and Authentication
[win]
testmachine2 ansible_host=192.168.34.44 
#ansible_username=Username

[win:vars]
ansible_user=Administrator 
ansible_password='Computer@123'
ansible_connection=winrm
ansible_winrm_server_cert_validation=ignore
#ansible_port=5896
#ansible_winrm_scheme=http
#ansible_winrm_transport=basic
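
The inventory above stores the Administrator password in clear text and sets ansible_winrm_server_cert_validation=ignore, so the WinRM TLS certificate is never verified. The Python check below is an added example, not part of the original article or of Ansible; it scans an INI inventory for those settings before the file is committed or reused. The sample text is constructed from the inventory on this page, and the function names and finding labels are hypothetical.

```python
import re

# Constructed sample mirroring the inventory shown on this page.
SAMPLE_INVENTORY = """\
[win]
testmachine2 ansible_host=192.168.34.44

[win:vars]
ansible_user=Administrator
ansible_password='Computer@123'
ansible_connection=winrm
ansible_winrm_server_cert_validation=ignore
#ansible_winrm_scheme=http
#ansible_winrm_transport=basic
"""

PASSWORD_KEYS = ("ansible_password", "ansible_winrm_password")


def parse_vars(text):
    """Return (line_no, key, value) for every active key=value pair."""
    found = []
    for no, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line[0] in "#;[":  # skip blanks, comments, section headers
            continue
        for key, value in re.findall(r"(\w+)=('[^']*'|\"[^\"]*\"|\S+)", line):
            found.append((no, key, value.strip("'\"")))
    return found


def audit(text):
    """Flag settings that weaken the WinRM channel or expose credentials."""
    findings = []
    for no, key, value in parse_vars(text):
        if key == "ansible_winrm_server_cert_validation" and value == "ignore":
            findings.append((no, "cert-validation-disabled"))
        elif key == "ansible_winrm_scheme" and value == "http":
            findings.append((no, "unencrypted-http"))
        elif key == "ansible_winrm_transport" and "basic" in value.split(","):
            findings.append((no, "basic-auth"))
        # A value containing "{{" is a template (for example a vaulted variable).
        elif key in PASSWORD_KEYS and "{{" not in value:
            findings.append((no, "plaintext-password"))
    return findings


if __name__ == "__main__":
    for no, issue in audit(SAMPLE_INVENTORY):
        print(f"line {no}: {issue}")
```

Commented-out lines are ignored, so the http and basic settings are reported only once they are enabled.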

After preparing the Ansible server, the first time you run the playbook against a Windows system you might get the unreachable error below. This is a simple ping test using Ansible, but it is not a normal ping over the ICMP protocol. Instead, Ansible uses the WinRM protocol to connect to the Windows host.

ubuntu@ansible:~/Documents/Windows$ ansible-playbook main.yaml -i inventory

PLAY [Windows connection testing from Ansible] ************************************************************************************************************************************

TASK [Ansible ping testing to Windows] ********************************************************************************************************************************************
fatal: [testmachine2]: UNREACHABLE! => {"changed": false, "msg": "ssl: HTTPSConnectionPool(host='192.168.34.44', port=5896): Max retries exceeded with url: /wsman (Caused by ConnectTimeoutError(, 'Connection to 192.168.34.44 timed out. (connect timeout=30)'))", "unreachable": true}

PLAY RECAP ************************************************************************************************************************************************************************
testmachine2               : ok=0    changed=0    unreachable=1    failed=0    skipped=0    rescued=0    ignored=0   

ubuntu@ansible:~/Documents/Windows$ 

To solve this error, the Windows host needs to be prepared by running the PowerShell script below first. Ansible tries to connect to the Windows system over the WinRM port and protocol, but Windows PSRemoting is not ready yet. Running the ps1 script below in PowerShell (as an Administrator) configures WinRM (PS Remoting), creates an HTTPS self-signed certificate for WinRM, creates Windows Firewall rules to allow the WinRM ports http: 5985 and https: 5986 for the Ansible collection, and applies other settings.

https://github.com/ansible/ansible/blob/devel/examples/scripts/ConfigureRemotingForAnsible.ps1

Now my Microsoft Windows system is prepared. Running the playbook command again on the Ansible server shows that the win_ping test is successful.

ubuntu@ansible:~/Documents/Windows$ ansible-playbook main.yaml -i inventory

PLAY [Windows connection testing from Ansible] ************************************************************************************************************************************

TASK [Ansible ping testing to Windows] ********************************************************************************************************************************************
ok: [testmachine2]

PLAY RECAP ************************************************************************************************************************************************************************
testmachine2               : ok=1    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

ubuntu@ansible:~/Documents/Windows$ 
