Ansible is a common automated operations tool based on Python. The reason why choose Ansible is because it is simple, do not need the client, the most important place is the other I have no use.
Ansible Management host must be installed in the Linux environment, this is the official requirements. The system is CentOS 7.4, Python does not say, the system is required by default. Ansible on the management of Linux I will not say, a lot of articles on the Internet, we will study the Ansible of Windows Management.
Environment construction
Ansible Installation Method:
Yum Install Ansible
Yes, you are not wrong, it is so simple, of course, some people like to customize the installation, I feel no need, CentOS upgrade to 7, a lot of things are standard, unlike 5 or 6, yum and rpm installed file package location is very confusing, 7, after the fixed folder, You can search by yourself.
Modify the configuration file, edit the/etc/ansible/ansible.cfg, specify the hosts location on the line:
Vi/etc/ansible/ansible.cfg
[Hosts]
Hostfile =/etc/ansible/hosts
Gather_subset = All
#remote_user = root
#remote_port = 22
Host_key_checking = False
Warn=false
Windows Connection Module Installation:
Yum Install PYTHON-WINRM
It's done, isn't it simple.
Next we add the Windows machine to the Hosts file
[web]
Iistest-2. com [email protected] ansiblepassword= ansibleport=5985 ansibleconnection=winrm Ansiblewinrmtransport=kerberos Ansiblewinrmkinitmode=managed
Iistest-2. com This is the hostname, if there is no internal DNS, here can fill in the IP address
My side all the machine is added domain, all use domain account and password to connect, domain account use [email protected], domain must capitalize, otherwise verification does not pass, authentication method is Kerberos, about authentication method can view official document HTTP/ Docs.ansible.com/ansible/latest/userguide/windowswinrm.html?highlight=kerberos
ansiblewinrmkinitmode=managed Here I use Automatic, can also choose Manual Manual mode, that is, every time to use the verification command to verify, kinit [email protected] and then enter the password, Use Klist to view the expiry time.
Configuring Windows WinRM Management
Querying the WinRM state
WinRM Enumerate Winrm/config/listener
The WinRM service is on by default and is easy to manage with PowerShell, which is basically not required for this configuration. Sometimes the connection may not be the firewall does not open the corresponding policy.
Additional configuration methods can be viewed in the official documentation: Http://docs.ansible.com/ansible/latest/user_guide/windows_setup.html#winrm-setup
And then test the effect.
- Here is basically finished, the rest is to write Yml file, this is learning.
Ansible about Windows Management