Operating Windows machines has always been a pain point for operations engineers. The community is relatively closed and there are few automation tools. Ansible, a tool for automated O&M, also supports managing Windows machines and can meet the needs of daily O&M work. This article describes how to use Ansible to manage Windows virtual machines.

Preface

The author uses a lot of Microsoft technology: business services developed on .NET, infrastructure deployed on Azure Cloud, service orchestration using Service Fabric… As a result, both the CI and CD pipelines in our project run on VMware virtual machines based on the Windows operating system, so operating and maintaining Windows systems has become a big pain point for us. The Windows operating system community is not as active as the Linux community, so there are few related tools. Management tools comparable to the excellent projects in the Linux community are very rare, and most of them need to be purchased or licensed, which makes our operation and maintenance work very inconvenient. Fortunately, Ansible is a great tool for automating operations and managing Windows machines, so we used Ansible to manage our virtual machines.

Understand Ansible

Ansible, an open source (and commercial) project funded by Red Hat, is a Python-based tool for IT automation. Ansible provides powerful functions such as application deployment, configuration management, and task scheduling. Ansible is also easy to learn. You don’t need to install an Ansible agent to perform tasks on remote machines, and you don’t need to learn any additional programming language to develop a playbook. You just need to write YAML files in the formats Ansible defines.

Ansible does not require an agent to be installed, but this does not mean that managed hosts can be managed automatically without any configuration. Ansible uses SSH to communicate with Linux hosts, so you need to configure SSH communication on Linux hosts, such as users and authentication. Ansible communicates with Windows hosts using the WS-Management protocol, so you need to install WinRM and PowerShell on Windows hosts and configure them.

Ansible manages Windows hosts

Windows host configuration

  • Install PowerShell

You can install PowerShell by referring to Installing PowerShell on Windows. You are advised to install the latest stable version. If you already have an older version of PowerShell installed on your Windows host, you can upgrade it using the PowerShell script below:

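# Upgrade script from the jborean93/ansible-windows repository
$url = "https://raw.githubusercontent.com/jborean93/ansible-windows/master/scripts/Upgrade-PowerShell.ps1"
$file = "$env:temp\Upgrade-PowerShell.ps1"
# Account the upgrade script logs on with; replace the placeholder values
$username = "Administrator"
$password = "Password"
$version = "5.1"

# DownloadFile takes two arguments: the source URL and the destination path
(New-Object -TypeName System.Net.WebClient).DownloadFile($url, $file)
# Changes the machine-wide execution policy so the downloaded script can run
Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Force

& $file -Version $version -Username $username -Password $password -Verbose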
  • Install WinRM

For details about how to install WinRM, see Installation and Configuration for Windows Remote Management. You are advised to install the latest stable version. If you simply want to install WinRM with the default configuration, you can use the following PowerShell script:

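# WinRM setup script from the Ansible repository
$url = "https://raw.githubusercontent.com/ansible/ansible/devel/examples/scripts/ConfigureRemotingForAnsible.ps1"
$file = "$env:temp\ConfigureRemotingForAnsible.ps1"

# DownloadFile takes two arguments: the source URL and the destination path
(New-Object -TypeName System.Net.WebClient).DownloadFile($url, $file)

# Run the script with the execution policy bypassed for this process only
powershell.exe -ExecutionPolicy ByPass -File $file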

Linux Management Host Configuration (Ubuntu)

  • Install Python3
sudo apt-get update -y
sudo apt-get install -y python3
  • Install python3-winrm
sudo apt-get update -y
sudo apt-get install -y python3-winrm
  • Install the Kerberos client
sudo apt-get install -y krb5-user

Write Ansible Inventory files

In this setup, Ansible authenticates to the WinRM service on Windows hosts with the Kerberos protocol. For security reasons, the communication requires authentication.

This part depends on the WinRM configuration of the Windows host from the previous section. It is only an example for the case where the default WinRM configuration is used. Please modify it for your own environment.

YAML format

all:
  children:
    windows:
      hosts:
        WINDOWS_HOST_NAME:
      vars:
        ansible_connection: winrm
        ansible_port: 5986
        ansible_winrm_transport: kerberos
        ansible_user: WINDOWS_ADMIN_USER
        ansible_password: WINDOWS_ADMIN_PASSWORD
        ansible_become: false
        ansible_winrm_server_cert_validation: ignore

INI format

[windows]
WINDOWS_HOST_NAME

[windows:vars]
ansible_connection=winrm
ansible_port=5986
ansible_winrm_transport=kerberos
ansible_user=WINDOWS_ADMIN_USER
ansible_password=WINDOWS_ADMIN_PASSWORD
ansible_become=false
ansible_winrm_server_cert_validation=ignore
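
An added example, not part of the original article: a small Python audit that reads an INI-format inventory like the one above and reports the settings that weaken the WinRM connection (ignored certificate validation, a clear-text password, basic auth). The hardened variant, the variable name `vault_windows_admin_password` and the CA file path are assumptions made for illustration.

```python
import configparser
# Constructed sample: the INI inventory above, placeholder values kept.
WEAK = """\
[windows]
WINDOWS_HOST_NAME

[windows:vars]
ansible_connection=winrm
ansible_port=5986
ansible_winrm_transport=kerberos
ansible_user=WINDOWS_ADMIN_USER
ansible_password=WINDOWS_ADMIN_PASSWORD
ansible_winrm_server_cert_validation=ignore
"""

# Constructed hardened variant; the vault variable name and CA path are hypothetical.
HARDENED = WEAK.replace(
    "ansible_password=WINDOWS_ADMIN_PASSWORD",
    "ansible_password={{ vault_windows_admin_password }}",
).replace(
    "ansible_winrm_server_cert_validation=ignore",
    "ansible_winrm_server_cert_validation=validate\n"
    "ansible_winrm_ca_trust_path=/etc/pki/example-ca.pem",
)

def audit_inventory(text):
    """Return sorted (group, key, problem) tuples for WinRM [group:vars] sections."""
    parser = configparser.ConfigParser(allow_no_value=True, interpolation=None)
    parser.optionxform = str  # inventory keys are case-sensitive
    parser.read_string(text)
    findings = []
    for section in parser.sections():
        group, _, kind = section.partition(":")
        v = {k: (val or "").strip() for k, val in parser.items(section)}
        if kind != "vars" or v.get("ansible_connection") != "winrm":
            continue
        if v.get("ansible_winrm_server_cert_validation") == "ignore":
            findings.append((group, "ansible_winrm_server_cert_validation",
                             "TLS certificate of the WinRM listener is not verified"))
        if v.get("ansible_password") and "{{" not in v["ansible_password"]:
            findings.append((group, "ansible_password",
                             "password stored in clear text in the inventory"))
        if v.get("ansible_winrm_transport") == "basic":
            findings.append((group, "ansible_winrm_transport",
                             "basic auth sends the password with every request"))
    return sorted(findings)

if __name__ == "__main__":
    print(*audit_inventory(WEAK), sep="\n")
```

Certificate validation only succeeds when the WinRM HTTPS listener presents a certificate that chains to the CA file named in `ansible_winrm_ca_trust_path`.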

At this point, you’re ready to write Ansible playbooks for the specific tasks of managing Windows hosts.

Supplement

I initially tried to use a Windows virtual machine as the management host, but ran into problems installing Ansible. Ansible does not provide a compiled installation package for Windows, but it does provide a way to install Ansible using pip, so I tried to install Ansible using pip, but encountered the following problem:

error: can't copy 'lib\ansible\module_utils\ansible_release.py': doesn't exist or not a regular file

After doing a lot of research, I found that Ansible does not currently support installation and running on Windows, so I happily chose an Ubuntu machine as my administration host.