ansible接続テストwindows環境設定
目次
reference
ansible server
vi/etc/ansible/hosts
windows
check powershell and .net version
powershell upgrade
check powershell executionpolicy
check network
setup winrm
enable port
enable winrm listener
set winrm
use python to test winrm
ansible test connect to windows
https://docs.ansible.com/ansible/latest/user_guide/windows_setup.html
yum install ansible -y pip install pywinrm set configure
run powershell as admin check powershell and .net version check network configure setup winrm winrm set enable port: 5985 or 5986
see this
admin run powershell copy code to install winrm
admin run powershell copy code to enable ports: 5985 and 5986
set auth set AllowUnencrypted set TrustedHosts(Option)
reference
ansible server
vi /etc/ansible/hosts
# configure in ansible server
# Inventory group for the Windows host managed over WinRM.
[winhost]
192.168.56.1
[winhost:vars]
# Account used for the WinRM login, in DOMAIN\user form.
ansible_user=domain\usename
# NOTE(review): the password is stored here in clear text, so anyone who can
# read this inventory file can log in as this account. Prefer an Ansible Vault
# encrypted variable and keep the file readable only by the Ansible user.
ansible_password=xxx
# HTTP alternative (port 5985), left disabled.
#ansible_port=5985
ansible_connection=winrm
ansible_winrm_transport=ntlm
# NOTE(review): "ignore" turns off verification of the server's TLS
# certificate. The session is still encrypted, but nothing proves which host
# answered, so an on-path machine can impersonate the target. Acceptable for a
# lab with a self-signed certificate; otherwise issue a certificate from a CA
# the control node trusts and use "validate".
ansible_winrm_server_cert_validation=ignore
ansible_port=5986
# HTTP alternative, left disabled in favour of HTTPS below.
#ansible_winrm_scheme=http
ansible_winrm_scheme=https
windows
check powershell and .net version
see this
powershell upgrade
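# Download Ansible's WinRM setup script and run it from an elevated PowerShell.
# If the download below cannot run, save
# https://raw.githubusercontent.com/ansible/ansible/devel/examples/scripts/ConfigureRemotingForAnsible.ps1
# as a local file ConfigureRemotingForAnsible.ps1 and run:
#   powershell.exe -ExecutionPolicy ByPass -File .\ConfigureRemotingForAnsible.ps1
#
# NOTE(review): the URL follows the moving "devel" branch, so its content can
# change between runs, and the script is executed elevated with the execution
# policy bypassed. Read the script first, record its SHA-256 in $expected, and
# let the check below refuse anything that differs from the reviewed copy.
$url = "https://raw.githubusercontent.com/ansible/ansible/devel/examples/scripts/ConfigureRemotingForAnsible.ps1"
$file = "$env:temp\ConfigureRemotingForAnsible.ps1"
# Placeholder: replace with the SHA-256 (hex) of the copy you reviewed.
$expected = "<SHA256-OF-THE-REVIEWED-SCRIPT>"
(New-Object -TypeName System.Net.WebClient).DownloadFile($url, $file)
# Hash computed through .NET so it also works where Get-FileHash is unavailable.
$sha256 = [System.Security.Cryptography.SHA256]::Create()
$actual = [System.BitConverter]::ToString($sha256.ComputeHash([System.IO.File]::ReadAllBytes($file))) -replace '-', ''
if ($actual -eq $expected) {
    powershell.exe -ExecutionPolicy ByPass -File $file
} else {
    Write-Warning "Not running $file: SHA-256 $actual does not match the reviewed copy."
}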
check powershell executionpolicy
# Show the effective execution policy.
get-executionpolicy
# If it is not RemoteSigned, set it with the command below.
# NOTE(review): without -Scope this changes the machine-wide (LocalMachine)
# policy. Execution policy guards against accidental script runs; it is not a
# security boundary, so do not rely on it to stop a determined user.
set-executionpolicy remotesigned
check network
# If NetworkCategory is Public, winrm cannot set winrm/config/service '@{AllowUnencrypted="true"}'.
Get-NetConnectionProfile
# Expected in the output: NetworkCategory : Private
# NOTE(review): AllowUnencrypted="true" lets the WinRM service accept
# unencrypted traffic. The inventory on this page connects over HTTPS on port
# 5986 with NTLM, which presumably does not need it; confirm, and leave the
# setting at "false" unless plain HTTP is really required.
winrm set winrm/config/service '@{AllowUnencrypted="true"}'
setup winrm
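# not secure as originally written: the script comes from the moving "devel"
# branch and is executed elevated with the execution policy bypassed, with no
# check on what was downloaded. Read the script first, record its SHA-256 in
# $expected, and let the check below refuse anything that differs.
$url = "https://raw.githubusercontent.com/ansible/ansible/devel/examples/scripts/ConfigureRemotingForAnsible.ps1"
$file = "$env:temp\ConfigureRemotingForAnsible.ps1"
# Placeholder: replace with the SHA-256 (hex) of the copy you reviewed.
$expected = "<SHA256-OF-THE-REVIEWED-SCRIPT>"
(New-Object -TypeName System.Net.WebClient).DownloadFile($url, $file)
# Hash computed through .NET so it also works where Get-FileHash is unavailable.
$sha256 = [System.Security.Cryptography.SHA256]::Create()
$actual = [System.BitConverter]::ToString($sha256.ComputeHash([System.IO.File]::ReadAllBytes($file))) -replace '-', ''
if ($actual -eq $expected) {
    powershell.exe -ExecutionPolicy ByPass -File $file
} else {
    Write-Warning "Not running $file: SHA-256 $actual does not match the reviewed copy."
}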
enable port
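# Open the WinRM ports in Windows Firewall (run from an elevated prompt).
# NOTE(review): as written, both rules accept connections from any address.
# Adding remoteip=<ANSIBLE-SERVER-IP> (placeholder) to each rule limits WinRM
# to the control node.
# 5985 is WinRM over HTTP; skip this rule if only HTTPS is used.
netsh advfirewall firewall add rule name="Win-RM-HTTP" dir=in localport=5985 protocol=TCP action=allow
# 5986 is WinRM over HTTPS. It gets its own rule name so the two rules can be
# told apart and removed individually.
netsh advfirewall firewall add rule name="Win-RM-HTTPS" dir=in localport=5986 protocol=TCP action=allow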
enable winrm listener
# List the configured WinRM listeners to confirm that one exists for the
# scheme and port Ansible will connect to.
winrm enumerate winrm/config/listener
set winrm
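# NOTE(review): Basic authentication sends the user name and password only
# base64-encoded, and AllowUnencrypted lets the service accept traffic without
# encryption; together over HTTP the credentials are readable on the network.
# The inventory on this page uses NTLM over HTTPS, which presumably needs
# neither setting; enable them only if the connection really depends on them.
winrm set winrm/config/service/auth '@{Basic="true"}'
winrm set winrm/config/service '@{AllowUnencrypted="true"}'
# TrustedHosts is a WinRM *client* setting: the hosts this machine will connect
# to without being able to verify their identity. It does not limit who may
# connect to this machine's WinRM service; use the firewall rules for that.
# The value is quoted so PowerShell passes the @{...} text to winrm instead of
# parsing it as a hashtable.
winrm s winrm/config/Client '@{TrustedHosts="192.168.1.*"}'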
use python to test winrm
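# python test winrm
# Connectivity check against the WinRM HTTPS listener using pywinrm's
# low-level Protocol API: open a shell, run "ipconfig /all", print the output.
import getpass

from winrm.protocol import Protocol

p = Protocol(
    endpoint='https://192.168.1.1:5986/wsman',
    transport='ntlm',
    username=r'domain\username',
    # Prompt for the password instead of embedding it in the script, so it
    # does not end up in version control, backups or shared snippets.
    password=getpass.getpass('WinRM password: '),
    # NOTE(review): 'ignore' disables TLS certificate verification, so the
    # client cannot tell the real host from one impersonating it. Acceptable
    # for a lab with a self-signed certificate; otherwise use 'validate'
    # together with ca_trust_path pointing at the issuing CA.
    server_cert_validation='ignore')
shell_id = p.open_shell()
try:
    command_id = p.run_command(shell_id, 'ipconfig', ['/all'])
    try:
        std_out, std_err, status_code = p.get_command_output(shell_id, command_id)
    finally:
        # Release the command even if reading its output failed.
        p.cleanup_command(shell_id, command_id)
finally:
    # Always close the remote shell so it is not left open on the host.
    p.close_shell(shell_id)
if status_code != 0:
    # Surface the error stream when the remote command reports failure.
    print(std_err)
print(std_out)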
ansible test connect to windows
# Connectivity check against the "winhost" inventory group; -vvv prints
# verbose connection details, which helps when WinRM authentication or TLS fails.
ansible winhost -m win_ping -vvv
# Run a command on the Windows host through the win_shell module.
ansible winhost -m win_shell -a "ipconfig"