Ansible supports Windows from the 1.7+ version, with the actual measurement of Windows 7 SP1 and Windows Server R2 and above, the system is simply configured to communicate with Ansible normally. However, the following points need to be met:
1, the management machine must be a Linux system, and the original Python winrm module
2. The underlying communication is based on PowerShell and the version is 3.0+,management Framework version 3.0 +
3. Remote Windows host opens WinRM service
- Controlled host Windows
- Installing the Framework 3.0+
Download Link: Http://download.microsoft.com/download/B/A/4/BA4A7E71-2906-4B2D-A0E1-80CF16844F5F/dotNetFx45_Full_x86_x64.exe
2. Change the PowerShell policy to remotesigned
Enter start PowerShell on the command line to start PowerShell
View script execution policies through get-executionpolicy; Change script execution policy with set-executionpolicy unrestricted
3. Upgrade PowerShell to 3.0 +
Window 7 and Windows Server R2 have PowerShell installed by default, but the version number is typically version 2.0, so we need to upgrade to 3.0+,windows PowerShell 3.0 using the. NETFramework 4.0
Download UPGRADE_TO_PS3.PS1, right-click to restart the system after running with PowerShell
or using ansible to provide an initialization script, the script basically completes the following actions:
Check the thumbprint of the last installed certificate
Configuring error Handling
Detecting Power shell versions
Check/start WIMRM service
Ensure that the PS session configuration is checked after WinRM is running
Make sure you have SSL snooping
Check Basic authentication
Configuring firewalls to allow WinRM HTTPS links
Local Test connection is normal over network mode
Note: If you are prompted to disable script execution in the system, you can enter Set-executionpolicy remotesigned in the PowerShell command line interface and enter Y, which will not be reported when executing the script.
4. Setting up the Windows Remote Management (WS-MANAGEMENT,WINRM) service
Note the following actions are performed in CMD, not in PowerShell
The WinRM service is not enabled by default
WinRM quickconfig
View WinRM service Listener:winrm e Winrm/config/listener
Configure Auth to True (default = False): WinRM set Winrm/config/service/auth @{basic= "true"}
Configure allow non-encryption: WinRM set Winrm/config/service @{allowunencrypted= "true"}
This completes the environment configuration for the Windows Remote Management (WS-MANAGEMENT,WINRM) service!
-
Control host Linux:
If you do not have PIP installed, first install the PIP that corresponds to your Python version:
[[email protected] svn]# Easy_ Install pip #wget Https://bootstrap.pypa.io/get-pip.py;python get-pip.pyinstalled/usr/lib/python2.7/site-packages/ pip-10.0.1-py2.7.eggprocessing dependencies for pipfinished processing dependencies for pip[[email protected] svn ]# [[email protected] svn]# pip install Paramiko pyyaml Jinja2 httplib2 six #pip install PYWINRM Paramiko pyyaml Jin JA2 httplib2 six[[email protected] 118920]# tail-2/etc/ansible/hosts [windows]10.15.97.100 ansible_ssh_user=] Administrator "ansible_ssh_pass=" 123123 "ansible_ssh_port=5985 ansible_connection=" WinRM "Ansible_winrm_server_ Cert_validation=ignore[[email protected] ~]#
- connectivity
Win_ The ping module under the Ping:windows system is commonly used to test the host for survival.
[[email protected] ~]# ansible 10.15.97.100 -m win_ping10.15.97.100 | SUCCESS => { "changed": false, "ping": "pong"}[[email protected] ~]#
* remote Command Execution
Remote execution commands are divided into remote execution Windows native own commands through raw modules, such as: "Ipconfig"
The Win_command module for remote execution of Ansible can also execute commands, that is, ansible extension commands such as "WhoAmI"
Default is garbled, need to modify WinRM module file
[[email protected] ~]# cp /usr/lib/python2.7/site-packages/winrm/protocol.py{,.20180718bak}[[email protected] ~]# sed -i "s#tdout_buffer.append(stdout)#tdout_buffer.append(stdout.decode(‘gbk‘).encode(‘utf-8‘))#g" /usr/lib/python2.7/site-packages/winrm/protocol.py[[email protected] ~]# sed -i "s#stderr_buffer.append(stderr)#stderr_buffer.append(stderr.decode(‘gbk‘).encode(‘utf-8‘))#g" /usr/lib/python2.7/site-packages/winrm/protocol.py[[email protected] ~]#
[[email protected] ~]# ansible windows -m raw -a "ipconfig"10.15.97.100 | SUCCESS | rc=0 >>Windows IP ConfigurationEthernet adapter 本地连接: Connection-specific DNS Suffix . : Link-local IPv6 Address . . . . . : fe80::e9ce:231:8bc6:45ea%11 IPv4 Address. . . . . . . . . . . : 10.15.97.100 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 10.15.97.254Tunnel adapter isatap.{BB164424-6017-46EB-978A-5E7CFDF80A14}: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix
[[email protected] ~]# ansible windows -m raw -a "cmd /c ‘move /y D:\Ansible\product\DBFPlus.exe D:\Ansible\back\‘"ERROR! failed at splitting arguments, either an unbalanced jinja2 block or quotes: cmd /c ‘move /y D:\Ansible\product\DBFPlus.exe D:\Ansible\back\‘[[email protected] ~]# ansible windows -m raw -a "cmd /c ‘move /y D:\Ansible\product\DBFPlus.exe D:\Ansible\back\DBFPlus.exe‘"10.15.97.100 | SUCCESS | rc=0 >>
Moving a file target also needs to be developed to a file, not only to the location of the directory where
[[email protected] ~]# ansible windows -m raw -a "cmd /c ‘move /y D:\Ansible\product\ D:\Ansible\back\‘"ERROR! failed at splitting arguments, either an unbalanced jinja2 block or quotes: cmd /c ‘move /y D:\Ansible\product\ D:\Ansible\back\‘[[email protected] ~]# ansible windows -m raw -a "cmd /c ‘move /y D:\Ansible\product\ D:\Ansible\back‘"10.15.97.100 | FAILED | rc=1 >>The system cannot find the file specified.non-zero return code[[email protected] ~]# ansible windows -m raw -a "cmd /c ‘move /y D:\Ansible\product D:\Ansible\back\‘"ERROR! failed at splitting arguments, either an unbalanced jinja2 block or quotes: cmd /c ‘move /y D:\Ansible\product D:\Ansible\back\‘[[email protected] ~]# ansible windows -m raw -a "cmd /c ‘move /y D:\Ansible\product D:\Ansible\back‘"10.15.97.100 | SUCCESS | rc=0 >>
Neither the source side nor the target directory of the mobile folder can have backslashes/. and move the entire directory of the source to the destination directory.
[[email protected] ~]# ansible windows -m raw -a "md d:\Ansible\justin"10.15.97.100 | SUCCESS | rc=0 >> Directory: D:\AnsibleMode LastWriteTime Length Name ---- ------------- ------ ---- d---- 2018/7/18 20:13 justin
- Delete a file or directory
[[email protected] ~]# ansible windows -m win_file -a "path=d:\Ansible\justin state=absent"10.15.97.100 | SUCCESS => {
[[email protected] ~]# ansible windows-m win_copy-a ' Src=/app/svn/127_client/118919/zjcfg.zip dest=D:\soft\ ' 10.15.97.100 | SUCCESS = {"Changed": True, "checksum": "D797ae640e37a1de6bb02b1e7fb435d7919effec", "dest": "' D:\\soft\\zj Cfg.zip ' "," Operation ":" File_copy "," Original_basename ":" Zjcfg.zip "," size ": 131374," src ":"/APP/SVN/12 7_client/118919/zjcfg.zip "}[[email protected] ~]# ansible windows-m win_copy-a ' src=/app/svn/127_client/118919 /zjcfg.zip dest=d:\ansible\ ' 10.15.97.100 | failed! = = {"Changed": false, "checksum": "D797ae640e37a1de6bb02b1e7fb435d7919effec", "dest": "' D:\U0007NSIBLE\\ZJC Fg.zip ' "," msg ":" Get-ansibleparam:parameter ' dest ' have an invalid path ' D:\u0007nsible\\ ' specified. "," Operatio N ":" File_copy "," Original_basename ":" Zjcfg.zip "," size ": 131374," src ":"/app/svn/127_client/118919/zjcfg.zi P "}[[email protected] ~]# ansible windows-m win_copy-a ' src=/app/svn/127_client/118919/zjcfg.zip dest=d:\ ' 10.15.97.100 | SUCCESS = {"Changed": True, "checksum": "D797ae640e37a1de6bb02b1e7fb435d7919effec", "dest": "' D:\\zjcfg.zi P ' "," Operation ":" File_copy "," Original_basename ":" Zjcfg.zip "," size ": 131374," src ":"/app/svn/127_clie Nt/118919/zjcfg.zip "}[[email protected] ~]# ansible windows-m win_copy-a ' src=/app/svn/127_client/118919/dest= D:\ ' 10.15.97.100 | SUCCESS = {"Changed": True, "dest": "d:\\", "Operation": "Folder_copy", "src": "/APP/SVN/127_CLIENT/11 8919/"}[[email protected] ~]#
The target path cannot contain the keyword ansible, otherwise the invalid path is prompted, the source uses the backslash result will recursively transfer all files under the directory, the source of the backslash end will transfer the entire directory to the target directory.
[[email protected] ~]# ansible windows -m win_user -a "name=justin passwd=51cto groups=Administrators"10.15.97.100 | SUCCESS => { "account_disabled": false, "account_locked": false, "changed": true, "description": "", "fullname": "justin", "groups": [ { "name": "Administrators", "path": "WinNT://WORKGROUP/WTHOST/Administrators" } ], "name": "justin", "password_expired": true, "password_never_expires": false, "path": "WinNT://WORKGROUP/WTHOST/justin", "sid": "S-1-5-21-4260034264-4268704002-684640490-1001", "state": "present",
- Perform a bat under Windows
[[email protected] ~]# ansible windows -m win_command -a "chdir=D:\ .\xcopy.bat"10.15.97.100 | SUCCESS | rc=0 >>D:\>md d:\justin [[email protected] ~]#
Switch to the directory where bat is located before executing the bat
More official Windows Modules see: Official website
"Absible Learning" ansible Managing Windows systems