windows被控端配置:
-
确保被控机器powershell version 大于等于4.0
PS C:\Users\Administrator> Get-Host | findstr.exe Version Version : 5.1.17763.2090
Powershell Version 如果低于4.0
-
配置winrm
PS C:\Users\Administrator> winrm quickconfig #配置winrm service并启动服务 PS C:\Users\Administrator> winrm enumerate winrm/config/listener #查看winrm service启动监听状态 PS C:\Users\Administrator> winrm set winrm/config/service/auth '@{Basic="true"}' #启用远程连接认证 PS C:\Users\Administrator> winrm set winrm/config/service '@{AllowUnencrypted="true"}' #启用远程连接认证 PS C:\Users\Administrator> winrm enumerate winrm/config/listener #检查winrm服务正确是否启动
-
修改相关授权策略
PS C:\Users\Administrator> get-executionpolicy #查看powershell执行策略 PS C:\Users\Administrator> set-executionpolicy remotesigned #更改powershell执行策略为remotesigned
-
添加防火墙入站规则,放通5985/tcp端口
Linux ansible控制端:
-
安装
ansible
以及python模块pywinrm
# ansible install with yum or pip or source code [root@raspberry ~]# yum install ansible -y [root@raspberry ~]# ansible --version ansible 2.9.23 config file = /etc/ansible/ansible.cfg configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python2.7/site-packages/ansible executable location = /usr/bin/ansible python version = 2.7.5 (default, Oct 14 2020, 14:44:55) [GCC 4.8.5 20150623 (Red Hat 4.8.5-44)]
-
添加Inventory
传统方式添加
[root@raspberry ~]# vim /etc/ansible/hosts [win] 192.168.0.100 ansible_ssh_user="WIN_USER" ansible_ssh_pass="WIN_PASSWORD" ansible_ssh_port=5985 ansible_connection="winrm" ansible_winrm_server_cert_validation=ignore
也可以采用yaml格式定义inventory(保持缩进一致):
[root@raspberry ~]# vim /etc/ansible/hosts_yml all: children: win: #主机组1 hosts: 192.168.0.100: #主机 vars: #此变量只在windows主机组里生效 ansible_user: WIN_USER ansible_password: WIN_PASSWORD ansible_port: 5985 ansible_connection: winrm ansible_winrm_server_cert_validation: ignore
-
更多ansible配置:
[root@raspberry ~]# vim /etc/ansible/ansible.cfg
测试
-
测试连通性
[root@raspberry ~]# ansible win -m win_ping 192.168.0.100 | SUCCESS => { "changed": false, "ping": "pong" } [root@raspberry ~]# ansible -i /etc/ansible/hosts_yml win -m win_ping 192.168.0.100 | SUCCESS => { "changed": false, "ping": "pong" }