Ansible控制windows端设置
一、Windons端配置
1. 下载并安装Microsoft .NET Framework 4.5
官网下载地址:http://download.microsoft.com/download/B/A/4/BA4A7E71-2906-4B2D-A0E1-80CF16844F5F/dotNetFx45_Full_x86_x64.exe
下载至本地后双击左键安装即可,期间可能会多次重启,电脑需正常连接Internet。
- powershell策略修改:
(1)获取/查看powershell策略:
get-executionpolicy //如果策略是remotesigned则不需要修改
(2)更改powershell策略为remotesigned:
set-executionpolicy remotesigned
- 升级PowerShell至3.0+(可以用get-host查看当前版本)
(1)下载文件upgrade_to_ps3.ps1,下载路径:
https://raw.githubusercontent.com/cchurch/ansible/devel/examples/scripts/upgrade_to_ps3.ps1
(2)右键选择“使用PowerShell运行”,执行完毕重启系统后,在PowerShell执行Get-Host命令结果如下图所示PowerShell版本为3.0为正常。
- 设置Windows远端管理(WS-Management,WinRM)
(1)winrm service 默认都是未启用的状态,先查看状态;
执行命令“winrm e winrm/config/listener”,如返回错误信息,则是没有启动;
启动winrm的命令是:winrm qc
(2)针对winrm service 进行基础配置:
winrm quickconfig
(3)查看winrm service listener:
winrm e winrm/config/listener
(4)为winrm service 配置auth:
winrm set winrm/config/service/auth ‘@{Basic="true"}’
(5)为winrm service 配置加密方式为允许非加密:
winrm set winrm/config/service ‘@{AllowUnencrypted="true"}’
5.安装修补程序:
在PowerShell v3.0上运行时,WinRM服务存在一个错误,它限制了WinRM可用的内存量。如果未安装此修补程序,Ansible将无法在Windows主机上执行某些命令。
(1)下载安装:
下载路径:git clone https://github.com/jborean93/ansible-windows.git
将文件 ansible-windows/scripts/Install-WMF3Hotfix.ps1 拷贝到windows机器上,右键选择“使用PowerShell运行”,执行完毕重启系统
注意:有些windows机器不能直接执行Install-WMF3Hotfix.ps1,需要转到cmd命令下执行命令“powershell 文件目录\Install-WMF3Hotfix.ps1”
二、linux端配置
1.安装ansible
# yum install ansible -y
2.安装pip
#easy_install pip
3.安装pywinrm
#pip install pywinrm
4.配置hosts文件
# vim /etc/ansible/hosts
[windows]
192.168.35.157
[windows:vars]
ansible_ssh_user="admin"
ansible_ssh_pass="sdts@1234"
ansible_connection="winrm"
ansible_ssh_port=5985
ansible_winrm_server_cert_validation=ignore
- 测试是否能够ping通
# ansible windows -m win_ping
192.168.35.157 | SUCCESS => {
"changed": false,
"ping": "pong"
}
三、配置过程中踩过的坑:
(1)错误一:
# ansible windows -m win_ping
192.168.35.157 | UNREACHABLE! => {
"changed": false,
"msg": "plaintext: HTTPConnectionPool(host='192.168.35.155', port=5985): Max retries exceeded with url: /wsman (Caused by ConnectTimeoutError(<urllib3.connection.HTTPConnection object at 0x7f36188c7d10>, 'Connection to 192.168.35.157 timed out. (connect timeout=30)'))",
"unreachable": true
}
原因:
windows系统的防火墙开启
解决方法:
关闭windows防火墙,Linux系统重新执行ansible脚本即可
(2)问题二:
# ansible windows -m win_ping
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame frame)
192.168.35.157 | FAILED! => {
"changed": false,
"msg": "Unhandled exception while executing module: Exception of type 'System.OutOfMemoryException' was thrown."
}
原因:
没有安装修补程序
解决方法:
下载安装Install-WMF3Hotfix.ps1