Ansible connection test: Windows environment setup

Table of contents

reference
ansible server
vi /etc/ansible/hosts
windows
check powershell and .net version
powershell upgrade
check powershell executionpolicy
check network
setup winrm
enable port
enable winrm listener
set winrm
use python to test winrm
ansible test connect to windows

reference

  • https://docs.ansible.com/ansible/latest/user_guide/windows_setup.html

    ansible server

  • yum install ansible -y
  • pip install pywinrm
  • configure the inventory

    vi /etc/ansible/hosts

    # configure in ansible server
    [winhost]
    192.168.56.1
    
    [winhost:vars]
    ansible_user=domain\username
    ansible_password=xxx
    #ansible_port=5985
    ansible_connection=winrm
    ansible_winrm_transport=ntlm
    ansible_winrm_server_cert_validation=ignore
    ansible_port=5986
    #ansible_winrm_scheme=http
    ansible_winrm_scheme=https
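
An added example, not part of the original page: a small Python check that reads the `[group:vars]` sections of an inventory like the one above and reports WinRM settings that weaken the connection. The function names `parse_group_vars` and `audit_winrm_vars` and the sample inventory are constructed for illustration.

```python
# Added example; SAMPLE_INVENTORY is constructed (mirrors the settings above).
SAMPLE_INVENTORY = r"""
[winhost]
192.168.56.1

[winhost:vars]
ansible_user=domain\username
ansible_password=xxx
ansible_connection=winrm
ansible_winrm_transport=ntlm
ansible_winrm_server_cert_validation=ignore
ansible_port=5986
ansible_winrm_scheme=https
"""

def parse_group_vars(text):
    """Return {group: {var: value}} for every [group:vars] section."""
    groups, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue  # blank lines and commented-out settings are ignored
        if line.startswith("[") and line.endswith("]"):
            name = line[1:-1]
            current = groups.setdefault(name[:-5], {}) if name.endswith(":vars") else None
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return groups

def audit_winrm_vars(text):
    """Return sorted (group, finding) pairs for weak WinRM settings."""
    findings = []
    for group, v in parse_group_vars(text).items():
        if v.get("ansible_connection") != "winrm":
            continue
        if v.get("ansible_winrm_scheme") == "http" or v.get("ansible_port") == "5985":
            findings.append((group, "plain HTTP listener: traffic is not protected by TLS"))
        if v.get("ansible_winrm_server_cert_validation") == "ignore":
            findings.append((group, "certificate validation disabled: server identity is not verified"))
        if v.get("ansible_winrm_transport") == "basic":
            findings.append((group, "basic auth: credentials are only base64-encoded"))
        if "ansible_password" in v:
            findings.append((group, "password stored in clear text in the inventory"))
    return sorted(findings)

if __name__ == "__main__":
    for group, finding in audit_winrm_vars(SAMPLE_INVENTORY):
        print(f"[{group}] {finding}")
```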
    

    windows

  • run powershell as admin
  • check powershell and .net version
  • check network configuration
  • setup winrm
  • winrm set
  • enable port: 5985 or 5986

    check powershell and .net version


    see this

    powershell upgrade

    # if the code below cannot be run,
    # copy https://raw.githubusercontent.com/ansible/ansible/devel/examples/scripts/ConfigureRemotingForAnsible.ps1 to a local file: ConfigureRemotingForAnsible.ps1
    # and run: powershell.exe -ExecutionPolicy ByPass -File .\ConfigureRemotingForAnsible.ps1
    $url = "https://raw.githubusercontent.com/ansible/ansible/devel/examples/scripts/ConfigureRemotingForAnsible.ps1"
    $file = "$env:temp\ConfigureRemotingForAnsible.ps1"
    
    (New-Object -TypeName System.Net.WebClient).DownloadFile($url, $file)
    
    powershell.exe -ExecutionPolicy ByPass -File $file
    

    check powershell executionpolicy

    get-executionpolicy
    # if it is not RemoteSigned, set it with the following command
    set-executionpolicy remotesigned
    

    check network

    # if NetworkCategory is Public, winrm cannot set winrm/config/service '@{AllowUnencrypted="true"}'
    Get-NetConnectionProfile
    # NetworkCategory  : Private
    winrm set winrm/config/service '@{AllowUnencrypted="true"}'
    

    setup winrm

  • run powershell as admin
  • copy the following code to set up winrm

    # not secure
    $url = "https://raw.githubusercontent.com/ansible/ansible/devel/examples/scripts/ConfigureRemotingForAnsible.ps1"
    $file = "$env:temp\ConfigureRemotingForAnsible.ps1"
    
    (New-Object -TypeName System.Net.WebClient).DownloadFile($url, $file)
    
    powershell.exe -ExecutionPolicy ByPass -File $file
    

    enable port

  • run powershell as admin
  • copy the following code to enable ports 5985 and 5986

    # 5985 = WinRM over HTTP
    netsh advfirewall firewall add rule name="Win-RM-HTTP" dir=in localport=5985 protocol=TCP action=allow
    
    # 5986 = WinRM over HTTPS
    netsh advfirewall firewall add rule name="Win-RM-HTTPS" dir=in localport=5986 protocol=TCP action=allow
    

    enable winrm listener

    # list the listeners that are currently configured
    winrm enumerate winrm/config/listener
    

    set winrm

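  • set auth
  • set AllowUnencrypted
  • set TrustedHosts (optional)

    # enables Basic authentication on the service (not used by the ntlm transport in the inventory above)
    winrm set winrm/config/service/auth '@{Basic="true"}'
    
    # allows unencrypted traffic on the HTTP listener (5985); not needed for https on 5986
    winrm set winrm/config/service '@{AllowUnencrypted="true"}'
    # optional: TrustedHosts is a client-side setting, the remote hosts this machine will connect to as a WinRM client
    # the value must be quoted, otherwise powershell parses @{...} as a hashtable
    winrm set winrm/config/client '@{TrustedHosts="192.168.1.*"}'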
    

    use python to test winrm

    # python test winrm
    from winrm.protocol import Protocol
    
    p = Protocol(
        endpoint='https://192.168.1.1:5986/wsman',
        transport='ntlm',
        username=r'domain\username',
        password='xxxxx',
        server_cert_validation='ignore')
    shell_id = p.open_shell()
    command_id = p.run_command(shell_id, 'ipconfig', ['/all'])
    std_out, std_err, status_code = p.get_command_output(shell_id, command_id)
    p.cleanup_command(shell_id, command_id)
    p.close_shell(shell_id)
    print(std_out)
    

    ansible test connect to windows

    ansible winhost -m win_ping -vvv
    
    ansible winhost -m win_shell -a "ipconfig"