如果要ansible管理windwos主机,一定要源码包或者pip安装ansible。否则ansible不会调用winrm
yum install gcc make cmake zlib-devel bzip2 bzip2-devel readline-devel sqlite sqlite-devel openssl-devel xz xz-devel libffi-devel -y wget https://www.python.org/ftp/python/3.8.8/Python-3.8.8.tgz tar zxvf Python-3.8.8.tgz mkdir /usr/local/python3 cd Python-3.8.8 ./configure --prefix=/usr/local/python3/ make && make install ln -s /usr/local/python3/bin/python3 /usr/bin/python3 ln -s /usr/local/python3/bin/pip3 /usr/bin/pip3 /usr/local/python3/bin/python3.8 -m pip install --upgrade pip pip3 install pywinrm -i https://pypi.tuna.tsinghua.edu.cn/simple pip3 install ansible -i https://pypi.tuna.tsinghua.edu.cn/simple ln -s /usr/local/python3/bin/ansible /usr/bin/ansible
windows主机配置
以管理员运行powershell,get-host查看版本,要求在4.0以上
# 1.查看powershell执行策略 get-executionpolicy # 2.更改powershell执行策略为remotesigned【输入y确认】 set-executionpolicy remotesigned # 3.配置winrm service并启动服务 winrm quickconfig # 4.修改winrm配置,启用远程连接认证【这里是PowerShell的命令,如果用cmd的话,@前面的' 和 末尾的' 要去掉的】 winrm set winrm/config/service/auth '@{Basic="true"}' winrm set winrm/config/service '@{AllowUnencrypted="true"}' # 5.查看winrm service启动监听状态【如果有应答,说明服务配置并启动成功了】 winrm enumerate winrm/config/listener # 6 设置防火墙放行5985端口 # 7 添加用户,权限设置为完全控制 winrm configSDDL default
修改ansible主机清单
vi /etc/ansible/hosts [windows] 192.168.1.100 ansible_ssh_user="admin" ansible_ssh_pass="123456" ansible_ssh_port=5985 ansible_connection="winrm" ansible_winrm_server_cert_validation=ignore
用域用户管理
[win_server] 192.168.100.[101:200] [win_server:vars] ansible_ssh_user=admin@TEST.COM ansible_ssh_pass=123456 ansible_ssh_port=5985 ansible_connection=winrm ansible_winrm_transport=ntlm # 必须加 ansible_winrm_server_cert_validation=ignore
测试
ansible windows -m win_ping
windows下常用模块
scripts,raw,slurp,setup模块在Windows 下可正常使用 win_acl (E) —设置文件/目录属主属组权限 win_copy—拷贝文件到远程Windows主机 win_file —创建,删除文件或目录 win_lineinfile—匹配替换文件内容 win_package (E) —安装/卸载本地或网络软件包 win_ping —Windows系统下的ping模块,常用来测试主机是否存活 win_service—管理Windows Services服务 win_user —管理Windows本地用户
传输文件到指定目录
ansible windows -m win_copy -a 'src=/home/win_install dest=d:\\'
删除指定文件
ansible windows -m win_file -a 'path=d:\\win_install state=absent'