ansible接続テストwindows環境設定

目次
 
refrence
ansible server
vi/etc/ansible/hosts
windows
check powershell and .net version
powershell upgrade
check powershell executionpolicy
check network
setup winrm
enable port
enable winrm listener
set winrm
use python to test winrm
ansible test connect to windows

refrence

https://docs.ansible.com/ansible/latest/user_guide/windows_setup.html

ansible server

yum install ansible -y

pip install pywinrm

set configure

vi /etc/ansible/hosts

# configure in ansible server
[winhost]
192.168.56.1

[winhost:vars]
ansible_user=domain\usename
ansible_password=xxx
#ansible_port=5985
ansible_connection=winrm
ansible_winrm_transport=ntlm
ansible_winrm_server_cert_validation=ignore
ansible_port=5986
#ansible_winrm_scheme=http
ansible_winrm_scheme=https

windows

run powershell as admin

check powershell and .net version

check network configure

setup winrm

winrm set

enable port: 5985 or 5986

check powershell and .net version

see this

powershell upgrade

# if cannot run follows code
# then copy https://raw.githubusercontent.com/ansible/ansible/devel/examples/scripts/ConfigureRemotingForAnsible.ps1 as local file: ConfigureRemotingForAnsible.ps1
# run powershell.exe -ExecutionPolicy ByPass -File .\ConfigureRemotingForAnsible.ps1
$url = "https://raw.githubusercontent.com/ansible/ansible/devel/examples/scripts/ConfigureRemotingForAnsible.ps1"
$file = "$env:temp\ConfigureRemotingForAnsible.ps1"

(New-Object -TypeName System.Net.WebClient).DownloadFile($url, $file)

powershell.exe -ExecutionPolicy ByPass -File $file

check powershell executionpolicy

get-executionpolicy
# if not remotesigned, then set it use follows code
set-executionpolicy remotesigned

check network

# if NetworkCategory=public, then winrm cannot set winrm/config/service '@{AllowUnencrypted="true"}' 
Get-NetConnectionProfile
# NetworkCategory  : Private
winrm set winrm/config/service '@{AllowUnencrypted="true"}'

setup winrm

admin run powershell

copy code to install winrm

# not secure
$url = "https://raw.githubusercontent.com/ansible/ansible/devel/examples/scripts/ConfigureRemotingForAnsible.ps1"
$file = "$env:temp\ConfigureRemotingForAnsible.ps1"

(New-Object -TypeName System.Net.WebClient).DownloadFile($url, $file)

powershell.exe -ExecutionPolicy ByPass -File $file

enable port

admin run powershell

copy code to enable ports: 5985 and 5986

netsh advfirewall firewall add rule name="Win-RM-HTTP" dir=in localport=5985 protocol=TCP action=allow

netsh advfirewall firewall add rule name="Win-RM-HTTP" dir=in localport=5986 protocol=TCP action=allow

enable winrm listener

winrm enumerate winrm/config/listener

set winrm

set auth

set AllowUnencrypted

set TrustedHosts(Option)

winrm set winrm/config/service/auth '@{Basic="true"}'

winrm set winrm/config/service '@{AllowUnencrypted="true"}'
# allow remote ip to connect
winrm s winrm/config/Client @{TrustedHosts="192.168.1.*"}

use python to test winrm

# python test winrm
from winrm.protocol import Protocol

p = Protocol(
    endpoint='https://192.168.1.1:5986/wsman',
    transport='ntlm',
    username=r'domain\username',
    password='xxxxx',
    server_cert_validation='ignore')
shell_id = p.open_shell()
command_id = p.run_command(shell_id, 'ipconfig', ['/all'])
std_out, std_err, status_code = p.get_command_output(shell_id, command_id)
p.cleanup_command(shell_id, command_id)
p.close_shell(shell_id)
print(std_out)

ansible test connect to windows

ansible winhost -m win_ping -vvv

ansible winhost -m win_shell -a "ipconfig"

​