Managing Windows configuration with Ansible

Windows managed-node configuration:
  • Make sure PowerShell on the managed machine is version 4.0 or later

    PS C:\Users\Administrator> Get-Host | findstr.exe Version
    Version          : 5.1.17763.2090
    

    If the PowerShell version is lower than 4.0

  • Configure WinRM

    PS C:\Users\Administrator> winrm quickconfig  # configure the WinRM service and start it
    PS C:\Users\Administrator> winrm enumerate winrm/config/listener  # show the WinRM listener status
    PS C:\Users\Administrator> winrm set winrm/config/service/auth '@{Basic="true"}' # enable Basic authentication for remote connections
    PS C:\Users\Administrator> winrm set winrm/config/service '@{AllowUnencrypted="true"}' # allow unencrypted WinRM traffic; with Basic auth over HTTP the credentials are only base64-encoded, not encrypted
    PS C:\Users\Administrator> winrm enumerate winrm/config/listener # verify that the WinRM listener is up
    
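  • Adjust the execution policy

    PS C:\Users\Administrator> get-executionpolicy # show the current PowerShell execution policy
    PS C:\Users\Administrator> set-executionpolicy remotesigned # change the PowerShell execution policy to RemoteSigned
    
  • Add an inbound firewall rule that allows port 5985/tcp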

Linux Ansible control node:
  • Install Ansible and the Python module pywinrm

    # ansible install with yum or pip or source code
    [root@raspberry ~]# yum install ansible -y
    [root@raspberry ~]# ansible --version
    ansible 2.9.23
      config file = /etc/ansible/ansible.cfg
      configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
      ansible python module location = /usr/lib/python2.7/site-packages/ansible
      executable location = /usr/bin/ansible
      python version = 2.7.5 (default, Oct 14 2020, 14:44:55) [GCC 4.8.5 20150623 (Red Hat 4.8.5-44)]
    
  • Add the inventory

    Traditional (INI) format:

    [root@raspberry ~]# vim /etc/ansible/hosts
    [win]
    192.168.0.100 ansible_ssh_user="WIN_USER" ansible_ssh_pass="WIN_PASSWORD" ansible_ssh_port=5985 ansible_connection="winrm" ansible_winrm_server_cert_validation=ignore
    

    The inventory can also be defined in YAML (keep the indentation consistent):

    [root@raspberry ~]# vim /etc/ansible/hosts_yml
    all:
      children:
        win: # host group 1
          hosts:
            192.168.0.100: # host
          vars:  # these variables apply only to the win host group
            ansible_user: WIN_USER
            ansible_password: WIN_PASSWORD
            ansible_port: 5985
            ansible_connection: winrm
            ansible_winrm_server_cert_validation: ignore
    
  • More Ansible settings:

    [root@raspberry ~]# vim /etc/ansible/ansible.cfg
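
The inventory above relies on Basic authentication and AllowUnencrypted over plain HTTP, with certificate checks set to ignore. As an added example (not part of the original page), the same host group over HTTPS with NTLM and certificate validation; the vault variable name and the CA bundle path are assumptions.

```yaml
# Added example: hardened variant of /etc/ansible/hosts_yml.
# Assumes the Windows host already has an HTTPS WinRM listener on 5986 and
# that Basic and AllowUnencrypted stay at "false" on the WinRM service.
all:
  children:
    win:
      hosts:
        192.168.0.100:
      vars:
        ansible_user: WIN_USER
        # Hypothetical variable name; define it in an ansible-vault encrypted
        # vars file so the password is not stored in the inventory itself.
        ansible_password: "{{ vault_win_password }}"
        ansible_connection: winrm
        # 5986/https replaces 5985/http: the whole session runs inside TLS.
        ansible_port: 5986
        ansible_winrm_scheme: https
        # NTLM replaces Basic (kerberos is the usual choice for domain
        # accounts), so the password itself is not sent to the host.
        ansible_winrm_transport: ntlm
        # "validate" replaces "ignore": the connection fails unless the
        # listener certificate chains to the trusted CA and matches the
        # name or IP address used for the host in this inventory.
        ansible_winrm_server_cert_validation: validate
        # Placeholder path to the PEM bundle of the CA that issued the
        # listener certificate.
        ansible_winrm_ca_trust_path: /etc/ansible/certs/winrm-ca.pem
```

With this inventory the inbound firewall rule has to allow 5986/tcp rather than 5985/tcp.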
    
Testing
  • Test connectivity

    [root@raspberry ~]# ansible win -m win_ping
    192.168.0.100 | SUCCESS => {
        "changed": false,
        "ping": "pong"
    }
    [root@raspberry ~]# ansible -i /etc/ansible/hosts_yml win -m win_ping
    192.168.0.100 | SUCCESS => {
        "changed": false,
        "ping": "pong"
    }
    