First, brief
1. Description
The daily system Automation operation and maintenance process will inevitably have a Windows Series server, in terms of open source software is currently most of the Windows Batch management compatibility is not very good, unlike the Linux system is convenient, but in reality there are some business need to run on Windows; Search find toss some, Discover Python developed ansible (has been redhat acquisition) have a better solution, through a toss, sorted out, in case of forgetting exchange;
2. Experimental environment
Server-side:
Centos7.4_x64 comes with Python 2.7.5 ip:172.16.3.167
Source Installation Ansible
Managed Windows side:
win7sp1_x32 requires PowerShell 3.0+ ip:172.16.3.188 and opens the WinRM service Open firewall rule
3. Experimental objectives
Through the Ansible module to the Windows to transfer files, manage accounts, execute scripts and other batch automation management work;
Second, ansible configuration
1. Introduction
Ansible Windows is supported from the 1.7+ version, but the management machine must be a Linux system, and the remote host communication mode is also changed from SSH under Linux to PowerShell, and the hypervisor needs to install the Python pywinrm module However, PowerShell requires the 3.0+ version and the management Framework 3.0+ version, the actual measurement of Windows 7 SP1 and Windows Server R2 and the above version of the system is simple configuration can be normal and ansible communication.
2. Environment Preparation
The following configuration is under Centos7.4_x64
Install PIP and related dependencies
下载pip#wget https://bootstrap.pypa.io/get-pip.py#python get-pip.py安装依赖#pip install paramiko PyYAML Jinja2 httplib2 six
3, source installation ansible
# git clone git://github.com/ansible/ansible.git --recursive#cd ./ansible#source ./hacking/env-setup
Running the Env-setup script means that the ansible is running based on the source code. The default inventory file is/etc/ansible/hosts
Cat/etc/ansible/hosts
Note: This step can be added to the boot from Qingzhong;
[win7]172.16.3.188 ansible_ssh_user="virtual" ansible_ssh_pass="myself." ansible_ssh_port=5985 ansible_connection="winrm" ansible_winrm_server_cert_validation=ignore
Note the information on one line, separated by a space, [Win7] is the title of this host, the following is the IP and connection information, etc.;
The above ansible management side has been configured, the management end of the Win7 has not been configured, relatively slightly troublesome point
Third, the management end win7 configuration
1. Introduction to the Environment
Slightly different from Linux, the managed end system if it is a Windows series, the following configuration is required:
Install the framework 3.0+ (may need to download)
Configuring the PowerShell policy to remotesigned (requires modification)
Upgrade PowerShell to 3.0+ (win7 default is 2.0)
Set Windows Remote Management, full name Ws-management (WinRM)
2. Environment configuration
A, upgrade or install the framework 4.5
If the framework edition is not satisfied, please visit Microsoft official download
B. Modify the PowerShell policy to remotesigned
:
C, upgrade PowerShell to 3.0
Save the following script as Upgrade_to_ps3.ps1
# PowerShell script to upgrade a PowerShell 2.0 system to Powershell 3.0 # based on http://occasionalutility.blogspot.com/ 2013/11/everyday-powershell-part-7-powershell.html # Some Ansible modules that could use PowerShell 3 features, so systems m Ay need # to be upgraded. This is used by a sample playbook. Refer to the Windows # documentation in docs.ansible.com for details. #-Hosts:windows # tasks: #-Script:upgrade_to_ps3.ps1 # Get version of OS # 6.0 is $ # 6.1 is R2 # 6.2 Is 6.3 R2 if ($PSVersionTable. Psversion.major-ge 3) {write-host "Powershell 3 installed already; You don't need this "Exit" $powershellpath = "C:\powershell" function download-file {param ([string] $path, [s Tring] $local) $client = New-object system.net.WebClient $client. Headers.add ("User-agent", "PowerShell") $client. DownloadFile ($path, $local)} if (! ( Test-path $powershellpath)) {New-item-itemtype Directory-path $powershellpath} #. NThe ET Framework 4.0 is necessary. #if ($PSVersionTable. Clrversion.major)-lt 2) #{# $DOWNLOADURL = "Http://download.microsoft.com/download/B/A/4/BA4A7 E71-2906-4b2d-a0e1-80cf16844f5f/dotnetfx45_full_x86_x64.exe "# $FileName = $DownLoadUrl. Split ('/') [-1] # Download-fi Le $downloadurl "$powershellpath \ $filename" #. $powershellpath \ $filename "/quiet/norestart #} #You need to reboot after the. NET install if so just run the script Again. # If the Operating System is above 6.2 and then you already has PowerShell Version > 3 If ([environment]::osversion.vers Ion. Major-gt 6) {write-host "OS is new; Upgrade not needed. " Exit} $osminor = [Environment]::osversion.version.minor $architecture = $ENV:P rocessor_architecture if ($architecture- EQ "AMD64") {$architecture = "x64"} else {$architecture = "x86"} if ($osminor-eq 1) {$Downlo Adurl = "Http://download.microsoft.com/download/E/7/6/E76850B8-DA6E-4FF5-8CCE-A24FC513FD16/Windows6.1-KB2506143-"+ $architecture +". MSU "} elseif ($osminor-eq 0) {$DownloadUrl =" Http://download.microsoft.com/downloa d/e/7/6/e76850b8-da6e-4ff5-8cce-a24fc513fd16/windows6.0-kb2506146-"+ $architecture +". MSU "} else {# Nothing ' to D O In theory this point would never be reached. Exit} $FileName = $DownLoadUrl. Split ('/') [-1] download-file $downloadurl "$powershellpath \ $filename" Start-process- FilePath "$powershellpath \ $filename"-argumentlist/quiet
Script from GitHub Upgrade_to_ps3.ps1
Right-click on the administrator to run for a few minutes (depending on the speed of download, as long as the task Manager has PowerShell in the instructions are still downloading the installation), the system will automatically restart the upgrade installation PowerShell to 3.0
:
View PowerShell information after rebooting
D. Setting up the Windows Remote Management (WS-MANAGEMENT,WINRM) service
The WinRM service is not enabled by default, and note that the following actions are performed in CMD, not in PowerShell
Basic configuration of the WinRM service:
WinRM QUICKCONFIGC:\USERS\SAN02>WINRM Quickconfig has been running the WinRM service on this computer. WinRM has not been set up to manage this computer and allows remote access to it. The following changes must be made: Creating a WinRM listener on http://* accepts Ws-man requests for any IP on this machine. Enable the WinRM firewall exception. Do you want to make these changes [y/n]? The YWINRM has been updated to be used for remote administration. Creating a WinRM listener on http://* accepts Ws-man requests for any IP on this machine. The WinRM firewall exception is enabled. View WinRM service Listenerwinrm e winrm/config/listenerc:\users\san02>winrm e winrm/config/listenerlistener Address = * Transport = HTTP Port = 5985 Hostname Enabled = True URLPrefix = Wsman certificatethumbprint Liste Ningon = 127.0.0.1, 172.16.3.137,:: 1, fe80::100:7f:fffe%13, fe80::5efe:172.16.3.137%12, fe80::4865:97de:bb1f:877% 11 Configure Auth to True (default = False) WinRM set Winrm/config/service/auth @{basic= "true"}c:\users\san02>winrm set winrm/config/ Service/auth @{basic= "true"}auth Basic = True Kerberos = True Negotiate = True Certificate = False CredSSP = False Cbthardeninglevel = Relaxed configuration allows non-encrypted winrm set Winrm/config/service @{allowunencrypted= "true"}c:\users\san02& Gt;winrm Set Winrm/config/service @{allowunencrypted= "true"}service Rootsddl = O:nsg:bad:p (A;; GA;;; BA) (A;; Gr;;;i U) s:p (au;fa;ga;;; WD) (AU;SA; GXGW;;; WD) maxconcurrentoperations = 4294967295 Maxconcurrentoperationsperuser = Enumerationtimeoutms = 240000 M Axconnections = Maxpacketretrievaltimeseconds = Allowunencrypted = True Auth Basic = True. ..... The following omit ....
At this point the management end Win7 environment configuration is complete!
IV. Testing ansible Management windows
1. View connection Status
[[email protected] ~]# ansible win7 -m win_ping172.16.3.188 | SUCCESS => { "attempts": 1, "changed": false, "failed": false, "ping": "pong"}
2. Get Windows Facts
[[email protected] ~]# ansible win7 -m setup172.16.3.188 | SUCCESS => { "ansible_facts": { "ansible_architecture": "32-bit", "ansible_bios_date": "12/01/2006", "ansible_bios_version": "VirtualBox", "ansible_date_time": { "date": "2018-01-24", "day": "24", "epoch": "1516816620.86637", "hour": "17", "iso8601": "2018-01-24T09:57:00Z", "iso8601_basic": "20180124T175700861308", "iso8601_basic_short": "20180124T175700", "iso8601_micro": "2018-01-24T09:57:00.861308Z", "minute": "57", "month": "01", "second": "00", ......以下省略.......
3. Remote command execution
Default is garbled, need to modify WinRM module file
sed -i "s#tdout_buffer.append(stdout)#tdout_buffer.append(stdout.decode(‘gbk‘).encode(‘utf-8‘))#g" /usr/lib/python2.7/site-packages/winrm/protocol.pysed -i "s#stderr_buffer.append(stderr)#stderr_buffer.append(stderr.decode(‘gbk‘).encode(‘utf-8‘))#g" /usr/lib/python2.7/site-packages/winrm/protocol.py
获取ip地址[[email protected] ~]# ansible win7 -m raw -a "ipconfig"172.16.3.188 | SUCCESS | rc=0 >>Windows IP ConfigurationEthernet adapter 本地连接: Connection-specific DNS Suffix . : Link-local IPv6 Address . . . . . : fe80::c55d:90f1:8d60:5d97%11 IPv4 Address. . . . . . . . . . . : 172.16.3.188 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : fe80::daae:90ff:fe02:9d81%11 172.16.3.1
4. File transfer to Win7 managed side
Copy the/etc/issue file to the current directory (or directly/etc/issue) to the target host (can modify the file name)
[[email protected] ~]# ansible win7 -m win_copy -a "src=issue dest=D:\issue"172.16.3.188 | SUCCESS => { "attempts": 1, "changed": true, "checksum": "5c76e3b565c91e21bee303f15c728c71e6b39540", "dest": "D:\\issue", "failed": false, "operation": "file_copy", "original_basename": "issue", "size": 23, "src": "issue"}
More useful modules please refer to the official Windows available modules, including automatic configuration, etc.;
Ansible automated management of Windows system combat