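Ansible has supported Windows since version 1.7. In testing, Windows 7 SP1 and Windows Server 2008 R2 and later can communicate with Ansible after some simple configuration, provided the following conditions are met:
1. The management machine must be a Linux system with the Python winrm module pre-installed.
2. The underlying communication is based on PowerShell, version 3.0+, with Management Framework version 3.0+.
3. The WinRM service is enabled on the remote Windows host.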
- Managed host (Windows)
- Install Framework 3.0+
Download link: http://download.microsoft.com/download/B/A/4/BA4A7E71-2906-4B2D-A0E1-80CF16844F5F/dotNetFx45_Full_x86_x64.exe
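2. Change the PowerShell execution policy to RemoteSigned
Entering start powershell at the command line launches PowerShell.
Use Get-ExecutionPolicy to view the script execution policy; use Set-ExecutionPolicy UnRestricted to change the script execution policy.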
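3. Upgrade PowerShell to 3.0+
Windows 7 and Windows Server 2008 R2 ship with PowerShell installed by default, but the version is generally 2.0, so it has to be upgraded to 3.0+. Windows PowerShell 3.0 uses .NET Framework 4.0.
Download upgrade_to_ps3.ps1, right-click it and run it with PowerShell, then reboot the system.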
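Alternatively, use the initialization script provided officially by Ansible. The script mainly performs the following operations:
Check the thumbprint of the most recently installed certificate
Configure error handling
Detect the PowerShell version
Check/start the WinRM service
After ensuring WinRM is running, check that a PS session configuration exists
Ensure there is an SSL listener
Check basic authentication
Configure the firewall to allow WinRM HTTPS connections
Test locally whether connecting over the network works
Note: if you are told that running scripts is disabled on this system, enter set-ExecutionPolicy RemoteSigned in the PowerShell command-line window and then enter Y; running the script afterwards no longer reports the error.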
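4. Set up the Windows Remote Management (WS-Management, WinRM) service
Note: run the following in cmd, not in PowerShell.
The winrm service is not enabled by default:
winrm quickconfig
View the winrm service listener: winrm e winrm/config/listener
Set Basic auth to true (the default is false): winrm set winrm/config/service/auth @{Basic="true"}
Allow unencrypted traffic: winrm set winrm/config/service @{AllowUnencrypted="true"}
This completes the environment configuration of the Windows Remote Management (WS-Management, WinRM) service.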
Control host (Linux):
If pip is not installed, first install the pip that matches your Python version:
[[email protected] svn]# easy_install pip    #wget https://bootstrap.pypa.io/get-pip.py;python get-pip.py
Installed /usr/lib/python2.7/site-packages/pip-10.0.1-py2.7.egg
Processing dependencies for pip
Finished processing dependencies for pip
[[email protected] svn]# 
[[email protected] svn]# pip install paramiko PyYAML Jinja2 httplib2 six    #pip install pywinrm paramiko PyYAML Jinja2 httplib2 six
[[email protected] 118920]# tail -2 /etc/ansible/hosts 
[windows]
10.15.97.100 ansible_ssh_user="administrator" ansible_ssh_pass="123123" ansible_ssh_port=5985 ansible_connection="winrm" ansible_winrm_server_cert_validation=ignore
[[email protected] ~]#
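The inventory line above connects on port 5985 with an inline password and certificate validation ignored, on top of the Basic/AllowUnencrypted WinRM settings from step 4. As an added example (not part of the original page), this check flags those settings in an INI inventory host line; the hardened line, its host name and user, and the finding labels are constructed for illustration, and the "basic" default transport is an assumption.

```python
import shlex

ENCRYPTING_TRANSPORTS = {"ntlm", "kerberos", "credssp"}  # wrap the payload even on HTTP

# The host line from this page's /etc/ansible/hosts.
PAGE_LINE = ('10.15.97.100 ansible_ssh_user="administrator" ansible_ssh_pass="123123" '
             'ansible_ssh_port=5985 ansible_connection="winrm" '
             'ansible_winrm_server_cert_validation=ignore')
# Constructed counterpart: HTTPS listener, NTLM, certificate checked, password
# kept out of the inventory (e.g. in an ansible-vault encrypted vars file).
HARDENED_LINE = ('winhost.example.test ansible_user=deploy ansible_connection=winrm '
                 'ansible_port=5986 ansible_winrm_transport=ntlm '
                 'ansible_winrm_server_cert_validation=validate')

def audit_winrm_host(line):
    """Return the weak-setting findings for one INI inventory host line."""
    tokens = shlex.split(line)
    v = dict(t.split("=", 1) for t in tokens[1:] if "=" in t)
    if v.get("ansible_connection") != "winrm":
        return []
    findings = []
    port = v.get("ansible_port") or v.get("ansible_ssh_port") or "5986"
    # Ansible picks http only when the port is 5985, unless the scheme is set.
    scheme = v.get("ansible_winrm_scheme", "http" if port == "5985" else "https")
    # Assumed default when no transport is given: basic.
    transports = set(v.get("ansible_winrm_transport", "basic").split(","))
    if scheme == "http" and not transports <= ENCRYPTING_TRANSPORTS:
        findings.append("basic-auth-over-http")
    if v.get("ansible_winrm_server_cert_validation") == "ignore":
        findings.append("cert-validation-disabled")
    secret = v.get("ansible_password") or v.get("ansible_ssh_pass") or ""
    if secret and not secret.startswith("{{"):
        findings.append("inline-password")
    return findings

if __name__ == "__main__":
    for name, line in (("page", PAGE_LINE), ("hardened", HARDENED_LINE)):
        print(name, audit_winrm_host(line))
```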
- Connectivity
win_ping: the ping module for Windows systems, commonly used to test whether a host is alive.
[[email protected] ~]# ansible 10.15.97.100 -m win_ping
10.15.97.100 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
[[email protected] ~]#
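* Remote command execution
Remote command execution comes in two forms. Native Windows commands are run through the raw module, for example "ipconfig".
Ansible's win_command module can also run commands, that is, Ansible's extended commands such as "whoami".
By default the output is garbled, so the winrm module file has to be modified: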
[[email protected] ~]# cp /usr/lib/python2.7/site-packages/winrm/protocol.py{,.20180718bak}
[[email protected] ~]# sed -i "s#tdout_buffer.append(stdout)#tdout_buffer.append(stdout.decode('gbk').encode('utf-8'))#g" /usr/lib/python2.7/site-packages/winrm/protocol.py
[[email protected] ~]# sed -i "s#stderr_buffer.append(stderr)#stderr_buffer.append(stderr.decode('gbk').encode('utf-8'))#g" /usr/lib/python2.7/site-packages/winrm/protocol.py
[[email protected] ~]#
[[email protected] ~]# ansible windows -m raw -a "ipconfig"
10.15.97.100 | SUCCESS | rc=0 >>

Windows IP Configuration

Ethernet adapter 本地串連:
   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::e9ce:231:8bc6:45ea%11
   IPv4 Address. . . . . . . . . . . : 10.15.97.100
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.15.97.254

Tunnel adapter isatap.{BB164424-6017-46EB-978A-5E7CFDF80A14}:
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

[[email protected] ~]#
[[email protected] ~]# ansible windows -m win_command -a "whoami"
10.15.97.100 | SUCCESS | rc=0 >>
wthost\administrator
[[email protected] ~]#
[[email protected] ~]# ansible windows -m raw -a "cmd /c 'move /y D:\Ansible\product\DBFPlus.exe D:\Ansible\back\'"
ERROR! failed at splitting arguments, either an unbalanced jinja2 block or quotes: cmd /c 'move /y D:\Ansible\product\DBFPlus.exe D:\Ansible\back\'
[[email protected] ~]# ansible windows -m raw -a "cmd /c 'move /y D:\Ansible\product\DBFPlus.exe D:\Ansible\back\DBFPlus.exe'"
10.15.97.100 | SUCCESS | rc=0 >>
        1 file(s) moved.
[[email protected] ~]#
When moving a file, the destination must also be specified down to the file name; it cannot be specified only as the directory the file should go into.
[[email protected] ~]# ansible windows -m raw -a "cmd /c 'move /y D:\Ansible\product\ D:\Ansible\back\'"
ERROR! failed at splitting arguments, either an unbalanced jinja2 block or quotes: cmd /c 'move /y D:\Ansible\product\ D:\Ansible\back\'
[[email protected] ~]# ansible windows -m raw -a "cmd /c 'move /y D:\Ansible\product\ D:\Ansible\back'"
10.15.97.100 | FAILED | rc=1 >>
The system cannot find the file specified.
non-zero return code
[[email protected] ~]# ansible windows -m raw -a "cmd /c 'move /y D:\Ansible\product D:\Ansible\back\'"
ERROR! failed at splitting arguments, either an unbalanced jinja2 block or quotes: cmd /c 'move /y D:\Ansible\product D:\Ansible\back\'
[[email protected] ~]# ansible windows -m raw -a "cmd /c 'move /y D:\Ansible\product D:\Ansible\back'"
10.15.97.100 | SUCCESS | rc=0 >>
        1 dir(s) moved.
[[email protected] ~]#
When moving a folder, neither the source nor the destination directory may end with a trailing backslash (\). The whole source directory is moved into the destination directory.
[[email protected] ~]# ansible windows -m raw -a "md d:\Ansible\justin"
10.15.97.100 | SUCCESS | rc=0 >>

    Directory: D:\Ansible

Mode                LastWriteTime     Length Name
----                -------------     ------ ----
d----         2018/7/18     20:13            justin

[[email protected] ~]#
[[email protected] ~]# ansible windows -m win_file -a "path=d:\Ansible\justin state=absent"
10.15.97.100 | SUCCESS => {
    "changed": true
}
[[email protected] ~]#
[[email protected] ~]# ansible windows -m raw -a "taskkill /F /IM snmp.exe /T"
10.15.97.100 | SUCCESS | rc=0 >>
SUCCESS: The process with PID 1412 (child process of PID 548) has been terminated.
[[email protected] ~]#
[[email protected] ~]# ansible windows -m win_copy -a 'src=/app/svn/127_Client/118919/zjcfg.zip dest=D:\soft\'
10.15.97.100 | SUCCESS => {
    "changed": true,
    "checksum": "d797ae640e37a1de6bb02b1e7fb435d7919effec",
    "dest": "'D:\\soft\\zjcfg.zip'",
    "operation": "file_copy",
    "original_basename": "zjcfg.zip",
    "size": 131374,
    "src": "/app/svn/127_Client/118919/zjcfg.zip"
}
[[email protected] ~]# ansible windows -m win_copy -a 'src=/app/svn/127_Client/118919/zjcfg.zip dest=D:\ansible\'
10.15.97.100 | FAILED! => {
    "changed": false,
    "checksum": "d797ae640e37a1de6bb02b1e7fb435d7919effec",
    "dest": "'D:\u0007nsible\\zjcfg.zip'",
    "msg": "Get-AnsibleParam: Parameter 'dest' has an invalid path 'D:\u0007nsible\\' specified.",
    "operation": "file_copy",
    "original_basename": "zjcfg.zip",
    "size": 131374,
    "src": "/app/svn/127_Client/118919/zjcfg.zip"
}
[[email protected] ~]# ansible windows -m win_copy -a 'src=/app/svn/127_Client/118919/zjcfg.zip dest=D:\'
10.15.97.100 | SUCCESS => {
    "changed": true,
    "checksum": "d797ae640e37a1de6bb02b1e7fb435d7919effec",
    "dest": "'D:\\zjcfg.zip'",
    "operation": "file_copy",
    "original_basename": "zjcfg.zip",
    "size": 131374,
    "src": "/app/svn/127_Client/118919/zjcfg.zip"
}
[[email protected] ~]# ansible windows -m win_copy -a 'src=/app/svn/127_Client/118919/ dest=D:\'
10.15.97.100 | SUCCESS => {
    "changed": true,
    "dest": "D:\\",
    "operation": "folder_copy",
    "src": "/app/svn/127_Client/118919/"
}
[[email protected] ~]#
The destination path must not contain the keyword ansible, otherwise an invalid-path error is reported. If the source ends with a slash, all files under the directory are transferred recursively; if the source does not end with a slash, the whole directory is transferred into the destination directory.
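The failed win_copy run above reports the destination as D:\u0007nsible\\, which is what results when the \a in D:\ansible\ is decoded as the BEL control character inside a key=value argument. The following added example (not from the original page, and a simplified model rather than Ansible's own code; the escape set is an assumption) checks the page's destinations for such sequences and shows that doubling the backslashes preserves the path.

```python
import codecs
import re

# Escape sequences rewritten when a key=value argument is decoded
# (assumed Python-style set; a simplified model, not Ansible's source).
_ESC = re.compile(r"""\\(?:[abfnrtv\\'"]|x[0-9a-fA-F]{2}|u[0-9a-fA-F]{4})""")

def decode_kv_value(value):
    """Return the value as the module would receive it after escape decoding."""
    return _ESC.sub(lambda m: codecs.decode(m.group(0), "unicode_escape"), value)

def risky_escapes(path):
    """List the backslash sequences in a Windows path that would be rewritten."""
    return [m.group(0) for m in _ESC.finditer(path)]

def escape_for_kv(path):
    """Double every backslash so the decoded value equals the intended path."""
    return path.replace("\\", "\\\\")

# Destinations taken from the win_copy runs on this page.
PAGE_DESTS = ["D:\\soft\\", "D:\\ansible\\", "D:\\"]

def report(dests=PAGE_DESTS):
    """Map each destination to (sequences at risk, decoded value)."""
    return {d: (risky_escapes(d), decode_kv_value(d)) for d in dests}

if __name__ == "__main__":
    for dest, (risky, decoded) in report().items():
        print(repr(dest), risky, repr(decoded))
    # Safe spelling of the failing destination for a key=value argument.
    print(escape_for_kv("D:\\ansible\\"))
```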
[[email protected] ~]# ansible windows -m win_user -a "name=justin passwd=51cto groups=Administrators"
10.15.97.100 | SUCCESS => {
    "account_disabled": false,
    "account_locked": false,
    "changed": true,
    "description": "",
    "fullname": "justin",
    "groups": [
        {
            "name": "Administrators",
            "path": "WinNT://WORKGROUP/WTHOST/Administrators"
        }
    ],
    "name": "justin",
    "password_expired": true,
    "password_never_expires": false,
    "path": "WinNT://WORKGROUP/WTHOST/justin",
    "sid": "S-1-5-21-4260034264-4268704002-684640490-1001",
    "state": "present",
    "user_cannot_change_password": false
}
[[email protected] ~]#
[[email protected] ~]# ansible windows -m win_command -a "chdir=D:\ .\xcopy.bat"
10.15.97.100 | SUCCESS | rc=0 >>

D:\>md d:\justin 

[[email protected] ~]#
Change to the directory containing the .bat file first, then run the .bat file.
For more official Windows modules, see the official site.
[Ansible Learning] Managing Windows systems with Ansible