Ansible with Windows

 Published On February 13, 2019

In this blog I will explain how to communicate with Windows machines using Ansible.

Prerequisite

If you want to communicate with Windows servers through Ansible, you need to satisfy all the prerequisites and enable/configure WinRM. For more detail on the Ansible prerequisites for Windows, you can refer to the link.

Add hostname in inventory/host file

To communicate with servers, we need to add the hostname of each target server to the Ansible hosts file. For this you can follow these steps:

  • Edit the /etc/ansible/hosts file on the Ansible server (the machine where Ansible is installed and from which you want to communicate with the target servers).
  • Add the hostnames to the file like:
    [windows]
    HOSTNAME1
    HOSTNAME2
    HOSTNAME3
    

    This adds the HOSTNAME1, HOSTNAME2 and HOSTNAME3 servers to the windows group.

Define variables for windows servers

The next step is to add variables for the Windows servers. You can do so by following these steps:

  • Edit the /etc/ansible/hosts file on the Ansible server (the machine where Ansible is installed and from which you want to communicate with the target servers).
  • Add variables like:
    [windows:vars]
    ansible_user=USER_OF_TARGET_WINDOWS_SERVER
    ansible_password=PASSWORD_OF_TARGET_WINDOWS_SERVER_USER
    ansible_port=5986
    ansible_connection=winrm
    ansible_winrm_server_cert_validation=ignore
    

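The above example lets Ansible communicate with Windows servers without a proxy and certificates. ansible_winrm_server_cert_validation=ignore makes Ansible skip validation of the server's certificate, so the Ansible server does not verify the identity of the WinRM endpoint it sends the credentials to.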

Define variables for Proxy

  • Install and authorize the key on the proxy server before changing the variables for Ansible.
  • Edit the /etc/ansible/hosts file on the Ansible server (the machine where Ansible is installed and from which you want to communicate with the target servers).
  • Add variables like:
    [windows:vars]
    ansible_user=USER_OF_TARGET_WINDOWS_SERVER
    ansible_password=PASSWORD_OF_TARGET_WINDOWS_SERVER_USER
    ansible_port=5986
    ansible_connection=winrm
    ansible_winrm_scheme=https
    ansible_winrm_transport=certificate
    ansible_winrm_cert_pem=CERT.PEM_FILE_PATH
    ansible_winrm_cert_key_pem=CERT.KEY_FILE_PATH
    ansible_winrm_https_proxy="socks5://SOCKD_USERNAME:SOCKD_PASSWORD@PROXY_IP:PROXY_PORT"
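
An added example (not code from the original post): a small Python audit of the [windows:vars] settings shown in the two inventory sections above, flagging disabled certificate validation, a clear-text ansible_password, and credentials embedded in the proxy URL. The sample inventory is constructed from the post's placeholders, and treating a templated value such as {{ vault_windows_password }} (a hypothetical variable name) as a vaulted secret is an assumption.

```python
import re

# Constructed sample: [windows:vars] settings taken from this post, placeholder values only.
SAMPLE_INVENTORY = """\
[windows]
HOSTNAME1
[windows:vars]
ansible_user=USER_OF_TARGET_WINDOWS_SERVER
ansible_password=PASSWORD_OF_TARGET_WINDOWS_SERVER_USER
ansible_connection=winrm
ansible_winrm_server_cert_validation=ignore
ansible_winrm_https_proxy="socks5://SOCKD_USERNAME:SOCKD_PASSWORD@PROXY_IP:PROXY_PORT"
"""

def parse_group_vars(text):
    """Return {group: {var: value}}; only [group:vars] sections are read, host lists are skipped."""
    groups, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[([^\]:]+)(?::(\w+))?\]", line)
        if header:
            current = header.group(1) if header.group(2) == "vars" else None
        elif current and "=" in line:
            key, value = line.split("=", 1)
            groups.setdefault(current, {})[key.strip()] = value.strip().strip("\"'")
    return groups

def audit(text):
    """Return (group, variable, finding) tuples for risky WinRM connection settings."""
    findings = []
    for group, v in parse_group_vars(text).items():
        if v.get("ansible_connection") != "winrm":
            continue
        if v.get("ansible_winrm_server_cert_validation") == "ignore":
            findings.append((group, "ansible_winrm_server_cert_validation",
                             "server certificate is not verified"))
        # Assumption: a templated value ("{{ ... }}") refers to a vaulted variable.
        password = v.get("ansible_password", "")
        if password and "{{" not in password:
            findings.append((group, "ansible_password", "clear-text password in inventory"))
        if re.match(r"\w+://[^/@:]+:[^/@]+@", v.get("ansible_winrm_https_proxy", "")):
            findings.append((group, "ansible_winrm_https_proxy",
                             "proxy credentials embedded in URL"))
    return findings

if __name__ == "__main__":
    print("\n".join(" | ".join(f) for f in audit(SAMPLE_INVENTORY)))
```

Setting ansible_winrm_server_cert_validation=validate and moving the password into an Ansible Vault variable clears the first two findings.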
    

Configure sockd on proxy server to listen and pass ansible command to target

To configure sockd on the proxy server, follow these steps:

  • Edit the /etc/sockd.conf file and add a configuration for the Ansible server like:
    client pass {
      from: ANSIBLE_SERVER_IP/32 port 1-65535 to: 0.0.0.0/0
      protocol: tcp udp
      proxyprotocol: socks_v5
      socksmethod: username
      log: connect disconnect iooperation error
    }
    

Ping server

Now all is set, and you can communicate with Windows servers through Ansible. To test all Windows servers, you can run the following command: ansible -m win_ping windows.


Tags: Ansible windows
